Q&A  with  AT&T 

why  he  believes  his  IP  backbone  rules.  PAGE  29. 


Hossein  Eslambolchi  explains 


What’s  LWAPP?  In  our  Technology  Update  section,  we  examine 
a  proposed  standard  for  wireless  LAN  device  interoperability.  PAGE  33. 
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Our  step-by-step  guide  to  addressing  your  most  pressing  network  issues, 
including:  ■  Migrating  to  utility  computing  ■  Getting  more  bang  for 
your  telecom  bucks  ■  Fighting  spam  ■  Mastering  patch  management 
■  Locking  down  your  wireless  LANs  ■  Adding  oomph'  to  your  net 

■  Linking  SAN  islands  page  42, 
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Anti-spam 
market 
braces  for 
shakeout 


■  Congress' 
answer  to 
spam  draws 
mixed 
reactions. 
Page  14. 


■  BY  CARA  GARRETSON 

With  the  onslaught  of  vendors 
jumping  on  the  spam-fighting 
bandwagon,  choosing  the  right 
anti-spam  product  can  be  almost 
as  tedious  as  wading  through  an 
in-box  of  junk  mail.  But  signs  are 
pointing  to  a  shakeout  in  the 
anti-spam  market  over  the  next 
year  or  two  that 
will  eliminate 
many  of  todays 
players. 

By  most  counts 
there  are  about 
70  anti-spam  vendors,  although 
The  Radicati  Group  pins  the 
number  of  companies  selling 
any  type  of  spam  filter  at  about 
300.  As  with  other  hot  technolo¬ 
gy  categories  before  it,  the  anti¬ 
spam  market  will  shake  down 
to  a  few  significant  players,  as 
smaller  companies  that  can’t  dis¬ 
tinguish  their  products  are  gob¬ 
bled  up  or  perish,  observers  say. 
This  should  come  as  good  news 
to  IT  managers  who  will  have 
fewer  options  to  wade  through 
and  can  look  forward  to  building 
relationships  with  large,  sustain¬ 
able  vendors. 

As  evidence  of  the  frenzy,  Meta 

See  Anti-spam,  page  14 
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TechNet  to 
release 
enterprise 
security  tool 

TechNet,  a  national  organi¬ 
zation  of  technology  indus¬ 
try  CEOs 
pushing  a  pol¬ 
icy  agenda, 
tackles  four  to 
six  issues  per 
year,  and  this 
year  one  of  the 
main  agenda 
items  was 
cybersecurity.  The  TechNet 
task  force  that  was  assigned 
the  job  developed  a  security 
self-evaluation  tool  for  busi¬ 
ness  leaders  that  will  be 
announced  Dec.  3  at  the 
Department  of  Homeland 
Security’s  National  Cyber 
Security  Summit  in  Santa 
Clara.  Arthur  Coviello,  presi¬ 
dent  and  CEO  of  RS A 
Security,  co-chair  of  TechNet 
New  England  and  a 
cybersecurity  task  force 
member,  described  the  tool 
and  the  task  force's  goals  to 
Network  World  Editor  in 
Chief  John  Dix. 


GIACOMO  MARCHESI 


Before  we  get  to  the  security  tool, 
give  us  a  little  background  on  the 
mission  of  the  cybersecurity  task 
force. 

Basically  to  provide  a  mecha¬ 
nism  for  TechNet  members,  one, 
to  inform  and  influence  cyber¬ 
security  policy  making  and 
commercial  sector  practices; 
two,  to  support  public/private 

See  Coviello,  page  12 
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You're  being  asked  to  do  more.  You’re  being  asked  to  do  it  with  less.  Windows  Server™  2003  and  new 
Microsoft'  Exchange  Server  2003  work  together  to  manage  these  opposing  forces  and  help  you  deliver  a  more 
robust  and  secure,  remote  e-mail  access  solution  with  less  time,  money,  and  hassle.  Download  your  free 
evaluation  copy  of  Exchange  Server  2003  on  Windows  Server  2003  at  getexchange2003.com 


Timex  executives  needed  full,  fast  access  to  e-mail  while  traveling  globally.  By  deploying  Microsoft  Windows  Server  2003 
and  Exchange  Server  2003,  Timex  got  a  secure  and  cost-efficient  e-mail  solution  that  provided  Web  mail  access. 
This  enabled  executives  and  mobile  employees  to  greatly  simplify  remote  access  and  dramatically  improve  overall 
productivity.  Timex  also  expects  Outlook ®  2003  to  further  improve  efficiency. 


Introducing  Microsoft  Windows  Server  2003.  Do  more  with  less. 
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tliminate  boundaries  and  you  create  opportunity.  At  Nortel  Networks,  we  transform  networks.  Removing  barriers  to  efficiency, 
productivity  and  growth.  Making  your  business  a  more  profitable  place,  nortelnetworks.com 

NORTEL 

NETWORKS 

'  •  ■  BUSINESS  WITHOUT  BOUNDARIES 


boxes  can  be  flattened  walls  can  be  torn  down  leashes  can  be  broken 

welcome  to  the 


gates  can  be  unlocked 
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Our  step-by-step  guide  to  addressing  your 
most  pressing  network  issues,  including: 

■  Migrating  to  utility  computing 

■  Getting  more  bang  for  your  telecom  buck 
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Got  a  techie  on  your  list?  Head  online  to  search  more  than  100  cool 
products  in  our  holiday  gift  guide.  DocFinder:  8632 

Tester’s  Choice:  Dumb  defaults 

We  call  on  security  vendors  —  Cisco  in  particular  —  to  fix  default 
settings  that  leave  users  subject  to  attack.  What  do  you  think?  Share 
your  thoughts  in  our  forum.  DocFinder:  8636 
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Network  Encyclopedia 
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Is  your  data  center  fully  metered,  fully 
accountable  and  fully  effective? 

Learn  the  latest  strategies  and  get  the  practical  applications  at  The  New 
Data  Center:  Powering  the  Enterprise,  a  new  Network  World  Technology 
Tour  event  for  professionals  who  want  to  put  the  power  of  good  ideas  to 
work.  Free  to  qualified  registrants  only. 

DocFinder:  8542 
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ting  some  strange  search  queries  as  of  late.  A  reader  thinks 
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When  you  can't  work  from  home 
Net.Worker  Managing  Editor  Toni  Kistner  looks  at  SuitcWorks, 
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DocFinder:  8734 

Home  Base 

Growing  a  niche  business 
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■  Good  Bad  Ugly 

<=> 

<§>  In  the  money.  While  funding  still  is  tough  to  come  by  for  many  new  network 
companies,  voice-over-IP  service  provider  Vonage  has  parlayed  its  success  and 
publicity  into  a  fresh  $35  million  in  venture  capital.  New  Enterprise  Associates  led 
the  round,  which  brings  Vonage's  total  funding  to  $65.3  million. 


Microsoft  dropping  gavel  on  NetMeeting 

■  NetMeeting,  once  hyped  as  Microsoft’s  answer  to  online  confer¬ 
encing,  is  being  gradually  phased  out  in  favor  of  the  company’s 
newest  real-time  collaboration  tool,  according  to  company  offi¬ 
cials.  Microsoft  already  has  ceased  development  of  the  software. 
NetMeeting,  first  introduced  in  1996,  gives  way  to  Office  Live  Meet¬ 
ing,  a  browser-based  conferencing  service  that  Microsoft  acquired 
when  it  bought  PlaceWare  earlier  this  year. The  service,  and  eventu¬ 
ally  a  server  based  on  the  technology  that  will  include  applications 
sharing  and  whiteboarding,  will  be  linked  into  other  real-time  col¬ 
laboration  tools  from  Microsoft  such  as  Live  Communications 
Server  and  with  client  applications  that  are  part  of  Office. 

Layoffs  loom  at  Sprint 

■  Sprint  announced  last  week  that  2,000  employees  will  be  getting  pink  slips.The  carrier 
says  it’s  reducing  its  staff  in  an  effort  to  lower  the  company’s  “total  operating  expenses  by 
5%  to  7%  over  the  next  three  years  or  more  than  $1  billion  annually’ Sprint  announced  its 
plans  to  reduce  costs  in  September.  Jobs  are  being  eliminated  in  nearly  all  departments, 
according  to  the  carrier. The  layoffs  are  also  the  result  of  the  service  provider’s  reorgani¬ 
zation.  Sprint  has  been  restructuring  the  company  into  two  divisions  that  will  address  the 
consumer  and  business  markets.  Previously  the  company  was  divided  into  several  divi¬ 
sions,  including  wireless,  global  markets  and  local  services.  Sprint  says  employees  affected 
by  the  layoffs  will  receive  severance  packages  based  on  length  of  service. 


2>  Mad  hatters.  Researchers  at  Cornell  and  the  University  of  Virginia  are 
readying  a  challenge  to  Red  Hat's  Fedora  trademark,  currently  under  review  by  the 
U.S.  Patent  and  Trademark  Office.  Fedora  is  Red  Hat's  experimental  Linux  project 
that  was  launched  as  a  community-developed  alternative  to  Red  Hat  Enterprise  Linux 
in  September.  The  universities  use  the  name  Fedora  for  digital  management  software 
that  has  been  downloaded  by  more  than  1,000  users  since  Version  1.0  was  released 


to  harm  a  spammer  using  bullets,  an  ice  pick  and  a  power  drill  —  even  Anthrax. 
Programmer  Charles  Booher  acknowledges  as  much  now  that  he’s  facing  criminal 
charges  for  his  long-running  tirade  against  a  Canadian  company  he  says  wouldn't 
stop  sending  him  pitches  for  penis-enlargement  products.  Prosecutors  still  will  have 
to  convince  a  jury,  though,  all  of  whom  no  doubt  have  in-boxes. 


The  latest  Microsoft  vulnerability 

■  A  set  of  new  security  vulnerabilities  have  been  discovered  in  Microsoft’s  Internet 
Explorer  Web  browser  that  used  together  could  let  hackers  compromise  user  PCs,  re¬ 
searchers  warned  last  week.  The  five  vulnerabilities  have  been  reported  in  Internet  Ex¬ 
plorer  6.0,  although  other  versions  might  have  been  affected,  according  to  a  bulletin 
released  by  security  company  Secunia.The  scripting  flaws  could  let  hackers  bypass  secu¬ 
rity  and  compromise  systems,  giving  them  access  to  sensitive  information  and  cross-site 
scripting, according  to  Secunia.Secunia  has  classified  the  vulnerabilities  as“extremely  crit¬ 
ical”  and  is  advising  all  Internet  Explorer  users  to  disable  Active  Scripting  or  “use  another 
product.”  Microsoft  has  advised  users  to  download  its  latest  Internet  Explorer  cumulative 
patch,  released  Nov.  11,  while  it  looks  into  the  new  vulnerabilities. 

Government  lights  up  lab  network 

■  The  Department  of  Energy's  Office  of  Science  last  week  awarded  the  Oak  Ridge 
National  Laboratory  in  Tennessee  $4.5  million  to  design  a  high-speed  network  capable  of 
operating  at  10G  to  40G  bit/sec.That  speed  is  about  200,000  to  800,000  times  faster  than 
the  fastest  dial-up  connection  of  56K  bit/sec, according  to  a  press  release  from  the  lab.The 
i  1  >totype  system, dubbed  Science  UltraNet,  would  link  ORNL  with  other  research  institu- 

60 M  P E  N  D  I  U  M 

RFIDs  get  easier  to  swallow 

The  iTU  Strategy  and  Policy  Unit  Newslog  reports  that  a  Tokyo  sushi  restaurant  is 
now  using  radio  frequency  identification  tags  to  ensure  customers  get  sushi  that  is 
no  more  than  30  minutes  old.  Read  more  of  U'hat's  on  the  menu  at 
www.nwfusion.com,  DocFinder:  8736. 


tions  that  rely  on  supercomputers  capable  of  trillions  of  calculations  per  second. The  net¬ 
work  would  let  the  scientists  quickly  complete  projects  that  require  the  transfer  of  large 
amounts  of  data.The  three-year  effort  would  let  the  three  ORNL  scientists  in  charge  set  up 
an  experimental  network  linking  the  Oak  Ridge  lab  to  others  in  Atlanta,  Chicago  and 
California. 

VoIP  shipments  boom 

■  A  report  released  last  week  from  Dell’Oro  Group  shows  that  enterprise  IP  PBX  line  ship¬ 
ments  in  the  third  quarter  reached  1.53  million,  double  that  from  the  same  quarter  a  year 
ago.  Line  shipments  also  grew  by  23%  over  the  previous  quarter,  the  Dell’Oro  report  says. 
The  market  leader  is  Cisco,  which  saw  its  line  shipments  grow  by  58%  over  the  third  quar¬ 
ter  of  last  year.  Nortel  was  second  in  terms  of  line  shipments,  followed  by  Avaya,  Alcatel 
and  Siemens.  Avaya  saw  the  second-best  growth  spurt  in  the  market  last  quarter,  increas¬ 
ing  its  shipments  by  28%. 

Leader  of  HP-Compaq  integration  leaves  company 

■  Jeff  Clarke,  the  former  Compaq  CFO  who  led  the  integration  team  overseeing  the  com¬ 
pany’s  merger  with  HP  has  resigned  effective  immediately  from  HP  Along  with  Webb 
McKinney  who  also  recently  announced  plans  to  retire,  Clarke  was  in  charge  of  orches¬ 
trating  the  integration  of  the  largest  acquisition  in  the  technology  industry’s  history  After 
the  integration,  Clarke  assumed  the  role  of  executive  vice  president  of  global  operations 
in  charge  of  HP’s  supply  chain  operations.  An  HP  spokesman  said  the  company  would  not 
comment  on  reasons  for  Clarke’s  departure.  A  call  to  Clarke’s  office  was  greeted  by  an 
automated  message  informing  callers  the  line  had  been  disconnected, and  an  e-mail  mes¬ 
sage  was  returned  to  sender.  A  number  of  HP  executives  have  left  the  company  in  recent 
weeks,  including  the  former  head  of  Compaq’s  server  division,  Mary  McDowell.  Despite  the 
departures,  HP  last  week  posted  its  best  financial  results  since  the  merger  with  Compaq. 


YOUR  NEXT-GENERATION  NETWORK 
COULD  BE  JUST  A  SWITCH  AWAY 


More  and  more  of  your  desktops,  notebooks  and  servers  are  equipped  with  Gigabit  Ethernet— but  are  your  switches  also  ready  for  the 
increased  demands  of  real-time  business?  Broadcom’s  highly  integrated  Gigabit  technology  is  designed  to  speed  the  cost-effective 
migration  from  Fast  Ethernet  to  Gigabit  Ethernet,  end-to-end.  That’s  why  the  top  5  switch  manufacturers  turn  to  Broadcom  when  they 
need  high-performance,  field-proven  Gigabit  Ethernet  chips1  with  advanced  features  like  the  industry’s  only  built-in,  real-time  cable 
diagnostics  and  correction.  So  whether  you’re  upgrading  your  entire  enterprise,  your  remote  offices  or  just  select  departments,  Broadcom® 
technology  inside  your  switches  gives  you  what  you  need  to  complete  your  next-generation  network— today. 


To  have  a  true  next-generation  network,  you  need  to  have  Gigabit 
Ethernet  throughout  your  network,  end  to  end.  When  it’s  time  to 
upgrade  your  switches,  look  for  Broadcom*  technology  to  help  you 
create  that  hassle-free  network.  Register  for  our  new  webcast, 
“Network  Infrastructure  for  the  Next-Generation  Real-Time  Enterprise," 
now  at  www.networkworld.gobroadcom.com/webcast 
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App  server  rivals 
team  on  specs 


ReefEdge,  others  aim  to 
advance  wireless  LANs 


■  BY  ANN  BEONARZ 

IBM  and  BEA  Systems  last  week  announced  they  are  working  jointly 
on  three  specifications  aimed  at  making  it  easier  for  customers  to  port 
applications  between  the  two  companies’  rival  application  server  plat¬ 
forms,  IBM’s  WebSphere  Application  Server  and  BEAs  WebLogic  Server. 

The  specifications’  intent  is  to  simplify  the  task  of  building  applica¬ 
tion  server  components, such  as  servlets  and  Enterprise  JavaBeans.and 
make  it  easier  for  customers  to  run  applications  that  work  across  both 
companies’ Java  2  Platform  Enterprise  Edition  (J2EE)  servers. 

“The  Java  platform  is  very  powerful  in  terms  of  capabilities,  but  it’s 
also  fairly  complex  and  requires  very  talented  programmers,”  says  Ed 
Cobb,  BEAs  vice  president  of  architecture  and  standards.  The  three 
specifications  are  about  providing  common  tools  so  it’s  easier  for  cor¬ 
porate  developers  to  build  applications  in  Java,  Cobb  says. 

IBM  and  BEA  are  the  two  dominant  application  server  vendors,  with 
a  combined  66%  market  share,  according  to  Gartner. The  fact  that  the 
two  leaders  have  gotten  together  to  create  the  specifications  is  good 
news  for  customers,  says  Ted  Schadler,  principal  analyst  at  Forrester 
Research.  Customers  want  choices,  and  they  don’t  want  to  be  locked 
into  one  platform,  he  says. “They  want  control  over  how  the  technolo¬ 
gy  is  deployed  and  how  it  works  together?’  he  says. 

The  companies’  joint  specifica¬ 
tions  are: 

•  Service  Data  Objects,  which 
provides  a  consistent  means  for 
an  application  to  extract  data 
from  heterogeneous  data  sources, 
including  relational  databases, 
XML  data  sources,  Web  services 
and  enterprise  information 
systems. 

•  Work  Manager  for  Application 
Servers,  which  provides  a  way  for 
J2EE-based  applications  to  sched¬ 
ule  work  items  that  are  executed 
concurrently 

•  Timer  for  Application  Servers, 
which  provides  a  way  for  J2EE- 

based  applications  to  schedule  and  receive  timer  notifications. 

IBM  and  BEA  plan  to  implement  the  specifications  in  their  respective 
WebSphere  and  WebLogic  platforms  in  the  next  12  months,  the  com¬ 
panies  say. They  plan  to  submit  the  proposed  specifications  to  the  Java 
Community  Process  (JCP),a  standards-setting  body  created  by  Sun. 

The  two  companies  opted  to  first  collaborate  independent  of  a  stan¬ 
dards  body  in  the  hopes  of  accelerating  the  standards  process. “We’re 
hoping  that  by  taking  some  leadership  on  the  innovation  side  and  get¬ 
ting  these  specifications  down  on  paper,  it  will  shorten  the  cycle,"  says 
Rod  Smith,  vice  president  in  charge  of  IBM’s  Internet  and  emerging 
technologies. 

When  standards  are  created  by  committee,  it’s  a  slow,  painful  and 
often  politically  motivated  process,  Schadler  says.  Building  support  for 
a  specification  in  the  field  speeds  standards  adoption,  but  it’s  not  the 
way  the  JCP  has  worked  historically. “The  JCP  has  been  very  much  of 
an  old  school  standards  bod>fSchadlersays.“[As  a  result]  the  pace  of 
improvement  in  Java  has  been  glacial." 

IBM  has  teamed  with  rivals  in  the  past  for  the  sake  of  speeding  stan¬ 
dards  development,  most  notably  working  with  Microsoft  on  Web  ser¬ 
vices  standards  such  as  Simple  Object  Access  Protocol,  Web  Services 
Description  Language  and  Business  Process  Execution  Language  for 
Web  Services. 

While  tivals  might  not  appreciate  two  dominant  vendors  getting 
together  on  what  potentially  could  become  de  facto  standardization, 

customers  do,  Schadler  says. 

So  far,  application  server  rivals  such  as  Sun  and  Oracle  have  not 
pledged  their  support  for  the  proposed  standards  from  IBM  and 
BEA  ■ 


Platform 

popularity 

The  top  two 
application  server 
vendors,  IBM  and  BEA 
Systems,  own 

66% 

of  the  market, 
according  to  Gartner. 


■  BY  JOHN  COX 

ReefEdge  Networks,  a  specialist  in  security  gate¬ 
ways,  this  week  will  jump  into  the  crowded  wire¬ 
less  LAN  switch  market  with  products  designed 
to  help  customers  more  fully  centralize  WLAN 
management. 

Industry  observers  see  the  move  as  one  of  com¬ 
petitive  necessity  The  emergence  of  WLAN  switch 
vendors  such  as  Airespace  and  Aruba  Wireless  Net¬ 
works  that  provide  management  capabilities  on  top 
of  security  features  is  forcing  security  gateway  ven¬ 
dors  to  extend  their  offerings  with  management 
tools. 

ReefEdge  will  be  one  of  a  number  of  vendors  mak¬ 
ing  WLAN-related  announcements  at  this  week’s  Wi¬ 
Fi  Planet  show  in  San  Jose. . 

All-in-one  box 

The  ReefSwitch  25’s 
features  include: 


reefedge 


•  Layer  2  and  3  switching. 

•  Up  to  three  ports  for  access¬ 
ing  WLAN  access  points. 

•  A  built-in  access  point. 

•  Pricing  that  starts  at  $1,390. 

The  company’s  ReefSwitches,  of  which  there  ini¬ 
tially  will  be  three  models, are  designed  to  support 
Wl  ANs  spread  over  numerous  locations, such  as  a 
chain  of  retail  stores.  The  products  will  work  with 
ReefEdge’s  existing  gateways,  which  provide  secur¬ 
ity  features  for  wireless  access  points  and  link  with 
existing  network  security  systems, such  as  RADIUS 
authentication  servers.  However,  the  new  switches 
also  will  provide  a  migration  path  for  ReefEdge 
customers  away  from  the  more  one-dimensional 
gateways. 

The  ReefSwitches  are  Layer  2/Layer  3  Ethernet 
devices  that  run  an  operating  system  that  incorpo¬ 
rates  much  of  the  code  from  the  gateway  line,  but 
they  also  include  software  for  such  jobs  as  manag¬ 
ing  radio  waves  and  detecting  unauthorized  access 
points.The  switches  are  designed  to  work  with  third- 
party  access  points  —  starting  with  Cisco’s  Aironet 
line  and  later  with  offerings  from  Netgear,  Proxim 
and  Symbol  Technologies. 

"They’ve  always  been  a  cross-platform  company?’ 
says  Craig  Mathias,  principal  with  Farpoint  Group. 
“Their  goal  is  to  provide  all  the  functionality  that  a 
WLAN  system  doesn’t  have  but  needs,  and  do  this 
for  WLANs  at  multiple  sites.” 

The  smallest  of  the  new  switches,  the  ReefSwitch 
25,  is  for  sites  with  no  network  or  IT  support  staff. 
Administrators  plug  in  the  device  and  directly  attach 
up  to  three  WLAN  access  points  or  use  the  built-in 
access  point.  The  box  connects  to  a  higher-end 
ReefSwitch  at  a  central  site, downloading  configura¬ 


tion  and  settings  from  that  switch. 

Mark  Juliano,  ReefEdge’s  vice  president  of  strategy, 
says  the  device  can  support  local  users  even  if  the 
back-end  WAN  connection  is  down.  The  operating 
system  minimizes  network  congestion  by  handling 
all  local  traffic  on  its  own  and  only  sending  back  to 
a  central  site  that  traffic  which  must  go  there,  he  says. 
For  example,  the  ReefSwitch  25  has  a  local  database 
to  handle  authentication  and  can  support  security 
schemes  such  as  IP  Security  on  a  VPN  or  802.1x.  It 
also  can  work  with  central  RADIUS  servers. 

The  ReefSwitch  25  starts  at  $1,390,  about  half  the 
cost  of  Aruba’s  new  800  model  switch,  which  also 
features  optional  software  applications  at  $2,000 
apiece. 

The  higher-end  ReefSwitch  200A  comes  with  four 
Gigabit  Ethernet  ports  and  is  designed  for  data  cen¬ 
ters  or  network  operations  centers.  Its  software  lets 
administrators  configure,  monitor  and  secure  the 
branch-office  devices,  and  perform  remote  monitor¬ 
ing  of  the  radio  frequencies  in  those  branches. The 
starting  price  is  $9,900. 

Early  next  year,  ReefEdge  will  ship  the 
ReefSwitch  300,  with  12  Ethernet  ports  and  Giga¬ 
bit  Ethernet  support  to  link  with  the  backbone.  As 
such.it  can  be  installed  in  wiring  closets  or  at  the 
network  core.The  starting  price  is  expected  to  be 
$12,900. 

Also  on  the  WLAN  front  this  week: 

•  Network  Chemistry  is  planning  to  introduce  its 
Wireless  Intrusion  Protection  System,  which 
includes  radio  sensors  that  can  run  on  2.4-  and 
5-GHz  bands.The  product  is  designed  to  monitor  air¬ 
waves  and  feed  back  to  a  Windows  application  an 
array  of  real-time  diagnostic  measures  on  access 
points  and  wireless  clients.  Sensors  support  power 
over  Ethernet  and  don’t  require  a  wall  outlet.  The 
sensors  cost  about  $500. 

•  Enterasys  Networks  will  unveil  the  RoamAbout 
AP3000  access  point,  which  can  work  on  either  the 
2.4-  or  5-GHz  bands,  and  connects  via  802.1  la,  b  or 
g.The  device  can  be  set  up  as  an  individual  access 
point  or  as  part  of  the  network  infrastructure  man¬ 
aged  by  Enterasys'  NetSight  Atlas  management 
application. 

•  Proxim  is  expected  to  update  its  Orinoco  AP- 
2000  and  AP-600  access  points  with  an  array  of  new 
security  features  and  better  scalability  (although  the 
company  did  not  reveal  many  details). Among  other 
things,  the  devices  now  will  detect  rogue  access 
points. 

•  For  equipment  makers,  Propogate  Networks  will 
unveil  its  AutoCell  software  for  creating  self-adjust¬ 
ing  wireless  access  points  and  client  network  inter¬ 
face  cards.  The  software  monitors  the  entire  WLAN 
radio  frequency  and  adjusts  variables  such  as  radio 
power  levels  to  minimize  radio  interference. 

•  Also  for  equipment  makers,  Fabless  semicon¬ 
ductor  company  Motia  will  air  a  “beam-forming” 
WLAN  antenna  called  Javelin.  Such  antennas  have 
several  components  to  receive  signals,  and  software 
combines  the  signals  for  optimum  strength.  Motia 
says  the  antenna  can  extend  typical  WLAN  ranges 
by  a  factor  of  four  when  used  in  the  client  and 
access  point. The  antenna  is  for  802. 1 1  b  and  802. 1 1  g 
devices  and  works  with  any  transceiver  chipset, 
according  to  the  vendor.  ■ 
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Dell  brings  some 
tech  support  home 

■  BY  TOM  KRAZIT 

Dell  last  week  said  it  has  brought  some  technical  support  work 
back  to  the  U.S.  after  corporate  customers  complained  about 
the  quality  of  service  they  were  receiving  from  workers  in  other 
countries. 

The  company  has  moved  aggressively  to  shift  technical  support 
to  centers  in  countries  such  as  India,  but  complaints  have  caused 
Dell  to  move  support  for  its  Optiplex  desktops  and  Latitude  note¬ 
books  back  to  U.S.  call  centers  in  Idaho,  Texas  and  Tennessee, 
among  others,  according  to  a  Dell  spokesman.  He  could  not  cite 
any  other  examples  of  Dell  having  shifted  support  from  overseas 
to  the  U.S. 

Dozens  of  U.S. companies  have  set  up  technical  support  and  soft¬ 
ware  development  centers  in  India,  China  and  other  countries 
where  they  can  pay  workers  far  less  than  a  typical  U.S.  worker 
would  command  for  the  same  position.  The  companies  say  this 
approach  has  allowed  them  to  cut  costs  dramatically,  but  some 
U.S.  workers  and  politicians  fear  companies  will  permanently 
move  all  types  of  back-office  jobs  outside  of  the  U.S.,  forcing  work¬ 
ers  to  seek  new  types  of  employment. 

Dell  said  support  calls  for  products  other  than  the  Optiplex 
desktops  and  Latitude  notebooks  and  consumer  support  still  will 
be  handled  by  one  of  its  20  global  call  centers,  based  on 
capacity. 

Krazit  is  a  correspondent  with  IDG  News  Service ’s  Boston  bureau. 


Mirage  protects  the  LAN 


■  BY  TIM  GREENE 

Mirage  Networks  is  wheeling 
out  an  appliance  designed  to 
halt  quick-spreading,  LAN-based 
worms  and  viruses  by  neutraliz¬ 
ing  individual  infected  mach¬ 
ines  rather  than  cordoning  off 
entire  parts  of  affected  net¬ 
works. 

Called  the  Mi40  Inverted 
Firewall,  the  device  intercepts 
attacks  by  responding  as  if  it  is 
the  targeted  host  so  further 
attempts  never  reach  the  target¬ 
ed  machines.  This  cuts  off  the 
attack  without  disrupting  net¬ 
work  access  for  other  devices. 

While  competitor  Silicon 
Defense  performs  similar  func¬ 
tions,  Mirage  says  its  Inverted 
Firewall  can  block  attacks  host- 
by-host  without  shutting  down 
access  to  entire  subnets.  The 
MHO  can  intercept  traffic  from 
the  specific  IP  ports  generating 
the  suspect  traffic,  making  it  pos¬ 
sible  to  block  the  attack  but  still 
use  the  infected  machine  safely. 
“They  can  still  do  other  work  on 
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Employees: 

V 

30 

J 

that  machine,  but  it  denies  the 
worm  the  ability  to  do  its  dam¬ 
age,”  says  Michael  Disabato,  an 
analyst  with  Burton  Group. 

Inverted  Firewall  connects  to 
mirroring  ports  on  up  to  four 
LAN  switches  at  a  time,  monitor¬ 
ing  all  their  traffic  for  signs  of 
possible  intrusions.  These  in¬ 
clude  attempts  to  reach  unas¬ 
signed  IP  addresses  (something 
worms  do  to  scan  for  vulnerable 
machines),  improperly  config- 


Server  market  shows  signs  of  life 


■  BY  ROBERT  MCMILLAN 

After  two  years  of  contraction  the  worldwide 
server  market  is  growing  again,  according  to 
the  latest  figures  from  IDC. 

Server  revenue  for  the  third  quarter  grew  by 
2%  compared  with  the  same  period  a  year  ear¬ 
lier,  says  Mark  Melenovsky,  program  director  in 
IDC’s  server  group.  Worldwide  server  revenue, 
which  includes  the  costs  of  server  hardware, 
operating  systems  and  initial  storage  ship¬ 
ments,  reached  $10.8  billion,  up  from  $10.6  bil¬ 
lion  in  the  year-ago  quarter. 

Measured  by  the  number  of  units  shipped, 
the  server  market  grew  by  19.5%,  led  by  strong 
sales  of  servers  based  on  processors  from  Intel 
and  Advanced  Micro  Devices,  IDC  found. 

This  is  a  good  sign  and,  I  think,  a  sign  that 
spending  for  enterprise  IT  is  on  a  growth  tar¬ 
get  (Melenovsky  says.  He  predicts  that  the  mar¬ 
ket  will  grow  by  2%  or  3%  year-over-year  next 
quarter,  and  that  server  sales  for  2004  would 
increase  by  about  5%  over  2003. 

IBM  retained  its  lead  of  the  server  market, 
with  a  31.1'  market  share  on  revenue  of  $3.4 
billion.  HP  was  second,  with  27.7%  on  $3  bil¬ 
lion  in  revenue,  followed  by  Sun  and  Dell,  with 
10.8'  and  9.5%  of  the  market, on  sales  of  $1.17 
billion  and  $1.03  billion,  respectively 

IBM  extended  its  lead  over  HP  slightly  by 
posting  strong  growth  in  all  its  server  lines,  he 
says. The  company’s  sener  revenue  increased 
bv  6.6  year-over-year.  Its  pSeries  Unix  systems 
did  particularly  well,  bucking  an  industry 
trend  and  growing  by  2%  in  a  Unix  server  mar¬ 
ket  that  shrunk  by  3.8%  overall.The  gains  were 


due  in  part  to  a  wide-ranging  refresh  of  IBM’s 
pSeries  servers, many  of  which  were  upgraded 
to  Power4+  processors  this  year. 

Sun  was  hardest  hit  by  the  decline  in  Unix 
spending.  Its  market  share  dropped  by  9.3% 
from  the  same  quarter  in  2002.  Strong  growth 
in  the  Linux  market,  which  grew  by  50%,  took 
its  toll  on  Sun.  Linux  systems  sold  particularly 
well  in  high-performance  computing  clusters 
as  well  as  the  Web  infrastructure  market,  and 
did  not  appear  to  be  affected  by  The  SCO 
Group’s  claims  of  intellectual  property  viola¬ 
tions  in  the  Linux  operating  system,  he  says. 


Windows  server  sales  also  grew  at  a 
respectable  pace,  increasing  by  10%  from  the 
previous  year,  Melenovsky  says.“There  are  a  lot 
of  systems  that  were  bought  in  1999  or  2000 
that  are  . . .  being  replaced,”  he  says. 

When  measured  by  the  number  of  units 
shipped,  Windows  remained  far  ahead  of 
Linux,  with  841,000  Windows  servers  shipped 
in  the  quarter,  compared  with  210,000  Linux 
boxes,  Melenovsky  says. 

McMillan  is  a  correspondent  with  IDG  New 
Service 's  San  Francisco  bureau. 


A  better  VPN  on  the  way? 


■  BY  TIM  GREENE 

There  might  soon  be  a  new  standard  that 
makes  IP  Security  VPNs  more  secure  and  eas¬ 
ier  to  configure. 

After  two  years  of  deliberations, a  committee 
of  the  Internet  Engineering  Task  Force  is  just 
about  ready  with  a  proposal  to  replace 
Internet  Key  Exchange  (IKE),  the  protocol 
that  manages  encryption  keys  under  the 
IPSec  standards. 

The  group  was  looking  at  revising  IKE 
because  it  was  deemed  theoretically  at  risk  of 
attacks,  although  no  successful  exploit  has 
ever  been  reported. 

Part  of  its  weakness  stems  from  the  fact  that 
it  is  complex.  In  other  words,  attackers  have 
more  components  to  try  to  crack.  The  com¬ 
plexity  also  makes  it  more  difficult  for  vendors 


to  sync  up  their  implementations  with  those 
of  other  vendors.  Interoperability  problems 
make  it  more  difficult  to  create  VPN  tunnels 
with  business  partners  that  have  bought  VPN 
gear  from  different  vendors. 

The  new  proposal,  called  IKEv2,  would  be 
less  flexible  than  IKE,  but  that  is  the  price  of 
simplicity  This  streamlining  of  the  protocol 
also  would  be  reflected  in  the  configuration 
parameters  of  VPN  equipment:  with  fewer 
parameters  to  set, configuration  would  be  less 
timeconsuming.  With  fewer  fields  to  fill  in, 
there  also  would  be  less  opportunity  for 
human  error  that  could  take  a  lot  of  effort  to 
uncover  and  correct. 

At  its  recent  meeting,  the  IETF  working 
group  on  IPSec  declared  the  draft  of  the  IKEv2 
proposal  ready  for  publication,  with  a  vote  on 
it  to  follow  shortly  after  that.® 


ured  packet  headers  and  sud¬ 
den  spikes  in  the  number  of  IP 
addresses  with  which  a  host  tries 
to  talk. 

If  it  suspects  an  attack  against 
an  active  IP  address,  it  redirects 
the  attack  to  itself  and  drops  the 
traffic.  If  the  suspicious  behavior 
stops  and  a  preset  time  interval 
elapses,  Inverted  firewall  stops 
intercepting  traffic  from  the  sus¬ 
pect  machine.  The  Inverted 
Firewall  also  responds  to 
attempts  to  reach  unassigned  IP 
addresses,  tying  up  all  the  attack 
threads  from  the  infected  host. 

Answering  messages  sent  to 
unassigned  IP  addresses  also 
can  work  as  an  early  warning 
system,  says  Mark  Wilkinson, 
Mirage  CTO  and  a  co-founder 
of  the  2-year-old  start-up.  Unas¬ 
signed  addresses  have  a  better 
chance  of  being  hit  first  or 
early  in  an  attack  that  is  prob¬ 
ing  random  IP  addresses.  That 
is  because  80%  or  more  of  pri¬ 
vate  IP  adcfresses  are  unas¬ 
signed  in  most  corporate  net¬ 
works,  he  says. 

Competing  security  vendors 
include  NetScreen  Technologies 
and  IntruVert  Networks,  but  they 
are  focused  more  on  stopping 
incursions  entering  from  the 
WAN. 

Inverted  firewall  differs  from 
some  other  intrusion-protection 
and  -detection  devices  in  that  it 
does  not  sit  in-line  with  traffic, 
meaning  that  it  does  not  slow 
traffic  as  it  works,  nor  does  it 
block  traffic  if  it  crashes. 

It  also  differs  in  that  it  bases 
detection  solely  on  rules  about 
the  behavior  of  network  devices, 
not  packet-level  signatures.  The 
MHO  learns  patterns  of  normal 
network  traffic  over  time,  helping 
it  decide  what  is  suspect  traffic. 

MHO  Inverted  firewall  is  ex¬ 
pected  to  be  available  in  the 
middle  of  this  month  and  costs 
$1 2,000.1 
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continued  from  page  1 

efforts  to  protect  America's 
information  infrastructure;  and 
three,  to  promote  awareness 
and  best  practices  in  cyberse¬ 
curity  —  which  is  what  this 
tool  is  about  —  then  develop 
policy  statements  on  key  top¬ 
ics.  What  we’re  trying  to  do  is 
get  everyone  to  use  this  self- 
assessment  tool  by  April  4, 
2004,  which  would  be  roughly 
four  months  after  we 
announce  it.  We’re  calling  it  a 
national  cybersecurity  day. 

Describe  the  tool. 

It  covers  multiple  areas.  One 
section  is  on  business  dependen¬ 
cy,  how  much  you  rely  on  IT. 

Then  there  is  a  section  about  risk 
evaluation  and  then  a  segment 
about  people,  evaluating  the  per¬ 
sonnel  aspect  of  your  informa¬ 
tion  security  program. Then 
processes:  What  are  your 
processes  for  implementing 
security?  And  technology  evalua¬ 
tion  is  the  last  section. 

Is  it  aimed  at  CEOs? 

The  CEO  and  CIO  ought  to 
look  at  the  business-dependen¬ 
cy  and  risk-management  evalua¬ 
tion,  and  then  bring  in  other 
people  for  the  people,  process 
and  technology  sections.  It  is  a 
questionnaire.  It  is  not  a 
panacea  for  security.  But  if  you 
follow  these  questions  it  will 
lead  you  down  the  path  of  how 
to  properly  evaluate  your  securi¬ 
ty  and  help  you  recognize 
where  you  might  be  deficient. 

The  primary  purpose  of  us 
doing  this  is  we  don’t  think 
there  is  enough  awareness 
about  cybersecurity  at  the  CEO 
level.  Now,  1  happen  to  think  that 
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■  THIS  WEEK'S  QUESTION: 

Which  company  in  the  late 
1990s  snapped  up  firms 
called  Assured  Access, 
Internet  Devices,  Packet 
Engines  and  Xylan? 

Slumped?  Get  the  answer  onine. 

Vi:  Network  World  Fusioo  and  enter 
2349  in  the  Search  box. 


the  planets  are  aligning  and 
there  is  certainly  far  more  CEO 
attention  being  called  to  issues 
of  internal  control  —  especially 
with  Sarbanes-Oxley  s  provisions 
on  internal  control  —  and  any 
cybersecurity  system  tends  to 
be  a  subset  of  your  overall  inter¬ 
nal  control  system. 

So  this  tool  gives  CEOs  the 


ability  to  look  at  the  cyber 
aspects  of  their  overall  system  of 
internal  controls  and  make  sure 
that  particular  flank  is  covered. 
And  as  more  companies  rely 
and  depend  on  the  Internet  to 
run  their  businesses,  this  tool 
becomes  more  critical  to  use 
and  understand. 

You  said  you  used  the  tool  internal¬ 
ly  at  RSA  and  it  actually  helped. 
What  did  you  discover? 

It  allowed  me  to  revisit  a  lot  of 
the  work  we  had  done  and  do  it 
in  a  very  structured  fashion.  And 
keep  in  mind  that  any  cyberse¬ 
curity  system,  or  any  system  of 
internal  control,  needs  to  be  con¬ 
stantly  reviewed  and  updated. 
And  this  gives  a  very  useful 
guideline  not  only  for  evaluating 
it  for  the  first  time,  but  also  for 
going  back  on  a  regular  basis  to 
ensure  that  things  are  properly 
updated  and  followed. 

Our  documentation  around 
policy  and  procedures  needed 
to  be  better,  because  with 
changing  personnel  you  have  to 
make  sure  these  things  are  doc¬ 
umented.  I  certainly  found  it 
useful  in  that  respect.  I  also 
found  it  useful  in  terms  of  con¬ 
firming  the  things  we  were 
doing  correctly,  that  we  had  the 
processes  and  technology  and 
the  people  watching  over  it. 


How  long  does  the  evaluation  take? 

It  can  be  done  in  a  matter  of 
hours,  but  a  lot  of  it  is  in  the  fol¬ 
low-up  work,  in  following  up 
questions  that  you  might  not 
have  the  answers  to.  It  will  vary 
from  business  to  business. 

There  could  be  wide  diver¬ 
gence  in  the  time  it  took  us  vs.  a 
company  that  needs  to  over¬ 
haul  its  internal  controls. 
But  in  terms  of  just  point¬ 
ing  you  in  the  right  direc¬ 
tion,  just  to  get  through  the 
questionnaire  itself  is  a 
matter  of  hours.  It’s  about 
80  questions,  15  pages.  (The 
document  will  be  available 
at  www.technet.org  after 
Dec.  3.) 

How  many  people  do  you  need 
to  assemble  to  get  through  it? 

You’re  going  to  want  to 
start  off  with  the  CEO,  the 
CIO,  the  CSO  if  you  have 
one,  certain  members  of 
the  IT  team.  I  would  recom¬ 
mend  you  bring  the  CFO 
into  the  discussion  as  well. 
Depending  on  what  issues 
come  out  of  it,  then  you’re 
going  to  bring  in  other  staff 
to  see  that  issues  that  need 
to  get  addressed  get 
addressed  by  the  appropri¬ 
ate  functional  area. 

Why  should  CEOs  believe  a  bunch  of 
security  vendors  about  the  best 
approach  to  security?  Won’t  most 
be  suspect  of  your  motives? 

We  reference  a  lot  of  material, 
and  we’re  not  telling  people  to 
go  out  and  buy  all  sorts  of  prod¬ 
ucts.  But  if  companies  such  as 
RSA  and  Internet  Security 
Systems  and  VeriSign  don’t 
know  at  least  about  the  technol¬ 
ogy,  I  don’t  know  who  the  heck 
would.  Certainly  other  folks  like 
the  CPA  firms  can  add  a  lot  of 
value,  but  this  is  a  tool  that  is 
pretty  generic,  and  1  would  think 
people  would  give  us  a  certain 
amount  of  credit  for  having  the 
right  knowledge  and  expertise 
to  make  a  judgment  in  this  area. 

Is  your  hope  that  if  industry  does 
these  self-evaluations  it  will  pre¬ 
empt  any  efforts  to  regulate 
security? 


Correction 


IB  The  Cool  Tools  column  (Nov. 
24,  page  32)  should  not  have 
stated  that  the  Boatman  can 
take  an  optional  SmartMedia 
Card. 


Arthur  Coviello,  president  and  co-chair  of 
TechNet  New  England,  says  the  group's 
new  security  self-evaluation  tool  will  help 
companies  put  security  issues  in  a  con¬ 
text  that  upper  management  can  relate 
to.  TechNet  includes  a  variety  of  industry 
bigwigs,  such  as  John  Chambers,  CEO  of 
Cisco,  and  Carly  Fiorina,  CEO  of  HP. 


What  we  want  from  the  gov¬ 
ernment  is  to  play  the  right 
role. There  seems  to  be  violent 
agreement  that  it  would  be  very 
difficult  for  federal  and  state 
government  to  legislate  specific 
technologies  around  security 
because,  one,  the  lack  of  exper¬ 
tise,  whether  it  is  the  FCC  or 
Congress  or  in  general;  and 
two,  the  dynamic  nature  of  IT 
systems. 

Flaving  said  that,  the  govern¬ 
ment  already  regulates  a  num¬ 
ber  of  industries, such  as  public 
utilities,  telecommunications, 
financial  services  and  health¬ 
care.  And  I’m  certainly  not  sug¬ 
gesting  that  government  doesn’t 
have  a  role  to  play  in  respect  to 
issues  of  individual  consumers 
and  people’s  privacy.  But  to  leg¬ 
islate  very  specific  requirements 
around  cybersecurity  where 
industries  and  risk  profiles  are 
so  different,  1  would  not  be  in 
favor  of  seeing  that. 

We  need  companies  to  self- 
regulate. There  is  a  strong  mar¬ 
ket  requirement  to  do  that  — 
risk  of  financial  loss,  risk  of  loss 
of  reputation,  trust.  And  there 
are  technologies  out  there  that 
can  take  care  of  the  lion’s 
share  of  the  threats,  and  that’s 
why  TechNet ’s  leadership  is 
good  in  terms  of  promoting 
that. 

If  you  look  at  any  of  the 
spending  and  budget  polls, 
you’ll  always  see  security  at 
or  near  the  top,  so  companies 
are  taking  the  issues  seriously. 
We  would  like  to  see  CEOs  have 
a  better  understanding  overall 
of  why  the  issue  is  so  important. 
And  it  comes  back  to  the  tool 
as  being  a  good  way  to  bring 
awareness  at  the  CEO  level. 

You  talk  about  security  being  a 
business-level  concern  now.  How 
best  can  IT  leaders  promote  this 
within  their  organizations? 

There  is  a  tendency  for  tech¬ 
nologists  just  to  think  in  terms 
of  technology  and  talk  about 
budgets  for  this  and  implement¬ 
ing  that,  and  because  we  under¬ 
stand  as  technologists  the  busi¬ 
ness  importance  for  it,  we 
assume  others  do. 

This  tool,  especially  the  busi¬ 
ness-dependency  and  risk- 
assessment  aspects, should  be 
something  that  is  read  by  tech¬ 
nologists  so  that  when  they 
communicate  with  upper  man¬ 
agement  they  can  put  issues  in 
context.  In  that  sense  it  is  a 
great  tool.B 
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Room  to  grow 

Only  about  30%  of  companies  today  employ  anti-spam 
technology,  leaving  much  of  the  potential  customer  base 
untapped. 


Anti-spam 

continued  from  page  1 

Group  analyst  Matt  Cain  says  at 
least  $150  million  of  venture  cap¬ 
ital  has  been  invested  in  anti- 
spam  companies  over  the  past  six 
months.There  will  be  a  heck  of  a 
lot  of  dissatisfied  [venture  capital¬ 
ists]  because  not  all  of  these  com¬ 
panies  will  make  it,”  he  says.  “We 
see  the  market  expanding 
through  2004  and  expect  in  2005 
there  will  be  a  severe  contraction 
and  market  consolidation  charac¬ 
terized  by  vendor  failure  and  very 
aggressive  merger  and  acquisi¬ 
tion  activity 

In  the  short  term, pricing  for  anti¬ 
spam  products  will  decline  as 
competition  remains  strong,  Cain 
continues,  but  once  market  play¬ 
ers  establish  themselves,  compa¬ 
nies  can  expect  to  pay  more.“Over 
the  next  two  years,  once  we  see 
consolidation  down  to  10,  then 
maybe  five  vendors,  we  expect  to 
see  prices  escalate.  However,  the 
products  will  mature  and  func¬ 
tionality  will  expand,  so  you’ll  be 
paying  more  but  you’ll  be  getting 


more,”  he  says. 

No  one  expects  the  market  to 
contract  just  yet, although  signs  of 
consolidation  are  beginning  to 
emerge.  E-mail  services  company 
IronFbrt  last  week  announced  the 
acquisition  of  anti-spam  commu¬ 
nity  and  blacklist  maintainer 
SpamCop,  with  plans  to  integrate 
SpamCop’s  feedback  on  spam¬ 
mers  into  its  e-mail  rating  system. 
Other  moves  include  anti-virus 
vendor  Sophos’  acquisition  of 
spam  filter  maker  ActiveState,  and 
security  company  Network  Asso¬ 
ciates’  purchase  of  anti-spam  soft¬ 
ware  developer  Deersoft. 

Nonetheless,  with  only  about 
30%  of  ail  corporations  employ¬ 
ing  spam  filters  today  there  are 
still  plenty  of  opportunities  for 
vendors  (see  graphic). “The  mar¬ 
ket  is  so  big  that  lots  of  [anti¬ 
spam]  companies  are  doing 
well,”  says  Doug  Carlisle,  manag¬ 
ing  director  of  Menlo  Ventures,  a 
venture  capital  firm  that  has  in¬ 
vestments  in  anti-spam  players 
IronFbrt  and  MailFrontier.“But  we 
will  end  up  with  around  10  com¬ 
panies  that  provide  functionality 


at  the  high  and  low  end,  and  that 
can  differentiate  their  products 
and  services.” 

So  many  vendors  are  rushing  to 
provide  spam  filters  because  cor¬ 
porations  recently  have  realized 
just  how  strategic  e-mail  commu¬ 
nication  is  to  their  organization 
and  are  looking  for  ways  to  pro¬ 


tect  it.  “Business  is  undergoing  a 
huge  transformation  from  phone- 
based  conversations  to  [Simple 
Mail  Transfer  Protocol] -based 
conversations,  be  it  through  e- 
mail  or  attached  messages,” 
Carlisle  says.  “Big  companies  are 
waking  up  around  the  world  say¬ 
ing  ‘we  run  our  business  on 


SMTP'  but  didn’t  really  realize  that 
they  don’t  have  an  industrial- 
strength  solution  in  place.” 

At  the  same  time,  companies 
don’t  want  to  tie  all  their  e-mail 
security  products  together  them¬ 
selves,  so  anti-spam  vendors  will 
be  forced  to  expand  into  other 
areas  such  as  anti-virus  protec¬ 
tion  —  as  many  have  —  and  con¬ 
tent  filtering  and  policy  manage¬ 
ment,  while  email  security  com¬ 
panies  add  spam  filters  to  their 
offerings. 

“Secure  messaging  is  still  a  high¬ 
ly  fragmented  market  .  .  .  but  I 
think  all  vendors  recognize  what 
were  once  products  and  became 
markets  will  turn  into  features, 
especially  as  customers  require 
more  integration,”  says  Chris 
Christiansen,  an  analyst  at  IDC. 
“Quite  a  few  smaller  vendors  who 
are  highly  specialized  will  be 
pushed  to  be  sold  or  merge.  It’s 
quite  clear . .  .many  of  these  [larg¬ 
er]  companies  could  go  public  in 
the  near  future.” 

While  it’s  evident  the  anti-spam 
market  will  consolidate,  what 
isn’t  as  obvious  is  which  vendors 
will  survive  the  shakeout.  Large, 
public  security  companies  such 
as  Network  Associates  and 
Symantec  are  marching  into  the 
anti-spam  market  and  are  natural 
dominators  because  of  their  suc¬ 
cess  in  related  areas  such  as  anti¬ 
virus.  Still,  a  few  companies  that 
have  dedicated  themselves  to 
spam  protection,  such  as  Bright- 
mail  and  Postini,  stand  a  chance 
because  of  their  anti-spam  exper¬ 
tise. 

“Over  the  next  two  years  some 
of  these  [anti-spam]  companies 
will  clearly  get  traction, and  either 
those  companies  will  go  public 
and  get  currency,  or  be  acquired 
and  have  the  currency  of  [the 
acquiring  company],”  says  Bud 
Colligan,  a  partner  with  venture 
capital  firm  Accel  Partners,  which 
invested  in  Brightmail  five  years 
ago.  “The  other  companies  won’t 
scale  as  rapidly,  and  their  in¬ 
vestors  will  start  saying  There’s  no 
place  for  a  ninth  or  10th  player  in 
this  market.’  Everyone  will  try  to 
find  a  dance  partner  before  the 
music  stops.” 

Until  then,  IT  departments  will 
continue  to  have  to  sort  out  the 
anti-spam  frenzy  on  their  own.“It’s 
going  to  be  a  lot  of  hard  work  for 
IT  managers  for  the  next  two  or 
three  years,  as  they’ll  be  bom¬ 
barded  with  possible  solutions," 
says  Sara  Radicati,  an  analyst  at 
The  Radicati  Group.  ■ 
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Congress  set  to  enact  opt-out  spam  law 


■  BY  CARA  GARRETSON 

Congress  last  week  reached  an  agreement 
on  the  first  piece  of  federal  legislation  to  cur¬ 
tail  spam,  marking  a  coup  for  e-mail  depen¬ 
dent  businesses  that  can  continue  sending 
messages  until  recipients  tell  them  not  to. 

Known  as  the  Controlling  the  Assault  of  Non- 
Soiicited  Pornography  and  Marketing  (CAN- 
SPAM)  Act,  the  bill  bounced  back  and  forth 
between  the  Senate  and  the  House  of 
Representatives  this  fall  before  lawmakers 
reached  an  agreement  last  week.  The  bill 
requires  one  more  procedural  vote  by  the 
House  —  expected  to  take  place  later  this 
month  —  before  it  is  presented  to  President 
George  Bush,  who  is  widely  expected  to  sign  it. 

The  bill  takes  an  opt-out  approach,  meaning 
businesses  can  send  unsolicited  commercial 
e-mail  as  long  as  each  message  includes  a 
mechanism  for  recipients  to  request  not  to  re¬ 
ceive  more.  Proponents  say  that  along  with  a 
number  of  other  provisions  in  the  bill,  the  opt- 
out  feature  will  help  cut  down  on  spam  be¬ 
cause  recipients  will  be  able  to  remove  them¬ 
selves  from  e-mailing  lists. 

However,  some  say  CAN-SPAM  actually  will 
open  the  spam  floodgates  even  wider.  By 
allowing  opt-out  unsolicited  e-mail,  some 
observers  say  the  law  will  give  businesses 
once  hesitant  to  send  commercial  e-mail 
license  to  do  so,  as  long  as  they  include  an 
opt-out  component. 

“Spammers  have  the  opportunity  to  keep 
spamming,  as  long  as  they  include  an  opt-out 
in  the  body  of  the  e-mail,"  says  Chris  Belthoff, 
senior  security  analyst  with  Sophos,  which 
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Congress  v.  spam 

The  main  provisions  of  the  CAN- 

SPAM  Act  are: 

Recipients  have  the  right  to  opt  out 
of  receiving  unwanted  commercial  e- 
mail. 

Violators  face  fines  of  up  to  $2 
million,  tripled  to  $6  million  if 
violations  are  considered  intentional. 

FTC  can  establish  a  “Do  not  spam" 
registry,  although  it  is  not  mandated. 

Sending  fraudulent  e-mail  is 
criminalized,  with  penalty  of  up  to 
five  years  in  prison. 

FTC  and  state  attorneys  general  can 
prosecute  offenders. 

SOURCE:  OFFICE  OF  THE  HOUSE  ENERGY  AND  COMMERCE 

COMMITTEE 
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sells  anti-virus  and  anti-spam  software.  “This 
law  is  not  saying  that  [sending  spam]  is  illegal 
or  that  they’re  not  allowed  to  do  it.”  Another 
issue  with  the  bill  will  be  tracking  down  those 
who  don’t  respect  opt-out  requests,  he  says. 

CAN-SPAM  will  override  state  laws  governing 
unsolicited  e-mail,  including  California’s  con¬ 
troversial  Senate  Bill  186,  which  is  set  to  be  en¬ 
forced  starting  Jan.  l.That  bill  would  force  all 
businesses  sending  commercial  e-mail  to  the 
state’s  residents  to  have  the  recipients’  con¬ 
sent,  aka  opt-in. 

Companies  that  rely  on  email  communica¬ 
tion  with  customers  will  be  relieved  by  the 


passage  of  CAN-SPAM,  says  Deborah  Thoren- 
Peden,  a  partner  with  law  firm  Pillsbury 
Winthrop,  because  they  won’t  have  to  follow 
the  stringent  California  law  that  would  force 
them  to  obtain  and  retain  any  email  recipi¬ 
ent’s  permission  before  emailing  them. 

“Even  for  our  clients  trying  very  hard  to  com¬ 
ply  [with  the  California  law] ,  it  was  going  to 
cause  extreme  difficulties  for  them,”  she  says. 
“I’m  sure  a  number  of  businesses  will  be 
pleased  to  see  that  they  now  have  a  little  bit  of 
breathing  room.” 

The  federal  bill  only  will  supersede  state 
laws  that  specifically  regulate  the  use  of  unso¬ 
licited  commercial  e-mail, Thoren-Ffeden  says, 
meaning  state  laws  that  deal  with  email  fraud 
will  remain  in  effect. CAN-SPAM  will  not  super¬ 
sede  international  laws  regulating  commer¬ 
cial  email, she  adds,  which  tend  to  be  as  strict 
as  the  California  law. 

Companies  that  send  commercial  email  on 
a  national  level  also  will  be  relieved  that  a  fed¬ 
eral  law  governing  the  practice  is  finally  in 
place,  one  observer  says. 

“This  is  the  first  federal  legislation,  and  I 
think  everyone  would  prefer  a  national  law 
over  a  patchwork  quilt  of  state  laws  that  make 
it  very  difficult  for  anybody  to  complyf  says 
Mark  Rasch,  senior  vice  president  and  chief 
security  counsel  at  security  service  provider 
Solutionary  and  former  head  of  the  Depart¬ 
ment  of  Justice’s  computer  crime  unit. 

CAN-SPAM  also  gives  the  Federal  Trade 
Commission  the  authority  to  create  a  “Do  not 
spam”  registry  much  like  that  agency’s  “Do  not 
call”  list  that  consumers  can  join  to  prevent 
calls  from  telemarketers.  ■ 
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But  change  is  coming  for  the  medium  enterprise 


On  February  2nd,  the  incredible  network  security  protecting  many  large 


enterprises  will  be  available  to  medium  enterprises  as  well.  To  learn 


more  call  800.638.8296  or  visit  www.netscreen.com/company/ad/feb2 
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3Com-EDS  deal  in  the  works;  mum  on  details 


■  BY  PHIL  HOCHMUTH 

3Com  and  Electronic  Data  Systems  are 
working  out  the  final  details  on  a  deal  for 


EDS  to  resell  3Com  enterprise  hardware 
products  as  part  of  the  integration  firms 
services  offerings. 

With  3Com  on  EDS’  menu,  corporations 


could  tap  the  second-largest  IT  integrator 
(behind  IBM  Global  Services)  to  install 
3Com  switches,  routers  and  voice-over-IP 
equipment  —  and  that  includes  gear  from 
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It's  everyone’s  business. 


3Com’s  joint  venture  with  Huawei  Technol¬ 
ogies.  IBM  Global  Services  offers  Cisco  but 
not  3Com  products. 

Sources  close  to  the  deal  say  it  is  in  the 
works,  but  spokespeople  for  3Com  and  EDS 
would  not  discuss  it. 

Other  enterprise  vendors  EDS  partners 
with  include  Cisco,  Dell,  Microsoft,  Sun  and 
Xerox.  Adding  3Com  to  its  product  mix 
might  give  users  interested  in  EDS’ services 
a  less-expensive  option  for  network  equip¬ 
ment,  observers  say 

“It  would  be  good  for  3Com  to  ally  itself 


Leaning  on  EDS 

3Com  hopes  to  ride  EDS’  clout 
into  large  enterprise  IT  project 
accounts. 


2002  revenue  of  top  systems 
integration  companies  (in  billions) 


Today,  information  security  is  a  shared  responsibility,  top-of-the-agenda 
in  the  board  room  as  well  as  the  server  room.  Smart  business  executives 
understand  security  is  more  than  technology — it’s  business  policy, 
process,  procedure  and  ultimately,  business  advantage.  Smart  IT  pros 
understand  that  the  right  security  starts  with  making  the  right  business  case 
for  it.That’s  why  Infosecurity  2003  will  be  held  in  New  York — the  business 
capital  of  North  America.  For  information  asset  stakeholders,  the 
Infosecurity  Conference  &  Exhibition  is  the  ideal  forum  to  share  real-world 
concerns  and  discover  the  most  promising  new  security  solutions. 


Register  for  Free  Exhibit  Hall  admission  at 
www.infosecurityevent.com 

To  register  online  and  for  event  updates,  visit  our  website. 

Or  call  888.251.0566  or  203.840.5690.  For  information  about  exhibiting, 
please  contact  Mike  Alessie  at  1.203.840.5387. 
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with  a  legitimate  large-enterprise  reseller 
says  Zeus  Kerravala,  an  analyst  with  The 
Yankee  Group.“Even  if  3Com  is  billed  as  the 
de  facto  alternative  [among  EDS’  service 
offerings],  it  still  helps  3Com.  I  could  see  a 
situation  where  Cisco  is  sold  as  a  high-end 
offering  and  3Com  is  positioned  as  a  more- 
value  play1’ 

3Com’s  bid  to  attract  large  enterprise  cus¬ 
tomers  began  in  March  when  it  an¬ 
nounced  plans  to  form  a  joint  venture  with 
Huawei, Chinas  largest  maker  of  enterprise 
and  carrier  Ethernet  switches  and  IP 
routers.  Since  then,  the  company  has 
launched  its  Switch  7700,  a  chassis-based 
Layer  3  core  LAN  switch,  and  the  Router 
5000  series  of  aggregation  routers.  These 
boxes  are  targeted  at  Ciscos  Catalyst 
switches  and  2600/3700  series  routers. 

3Com  has  said  that  its  joint  venture  with 
Huawei  lets  it  offer  routers  and  switches 
competitive  with  Cisco  and  Nortel,  but 
priced  about  10%  to  20%  less  ! 
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■  LAN/WAN  SWITCHES  AND  ROUTERS 

■  ACCESS  DEVICES  ■  SERVERS  ■  VPNS 

■  OPERATING  SYSTEMS  ■  NETWORKED  STORAGE 

■  VOIP  ■  WIRELESS  NETWORKS 


Server  mgmt  standard  gaining  steam 


■  BY  JENNIFER  MEARS 

As  organizations  move  toward  running 
heterogeneous  servers  as  a  single  pool  of 
resources  designed  to  respond  to  business 
needs,  a  looming  issue  is  how  best  to  man¬ 
age  those  disparate  systems.The  Intelligent 


■  Brix  Networks,  a  maker  of  appli¬ 
ances  used  to  monitor  network  ser¬ 
vice  quality,  has  received  $8.1  million 
in  a  fourth  round  of  venture  funding. 
The  company,  which  has  compiled 
$55  million  in  funding  since  starting 
up  in  July  1999,  says  it  will  use  the  new 
influx  to  boost  its  sales  and  distribu¬ 
tion  system.  The  company's  investors 
include  Charles  River  Ventures  and 
ComVentures.  Brix  is  shooting  for 
profitability  next  year.  The  company 
recently  announced  a  reseller  agree¬ 
ment  with  Agilent  Technologies 
under  which  it  will  offer  Brix's  voice- 
over-IP  hardware  and  software  per¬ 
formance  monitoring  products  to 
service  providers.  Brix  also  sells  its 
products  for  enterprise  networks. 

■  HP  is  shipping  Xeon  versions  of  its 
2  year  old  ProLiant  BL20p  blade 
servers.  The  servers,  which  support 
up  to  two  processors,  also  now  will 
connect  to  Fibre  Channel  storage 
devices,  according  to  HP.  They  are 
available  in  2.8-GHz,  3.06-GHz  and 
3.2-GHz  configurations.  Although 
blade  servers  initially  failed  to  meet 
market  expectations,  HP  and  IBM 
are  beginning  to  sell  the  systems  in 
greater  volumes.  HP  says  it  has  now 
sold  more  than  50,000  blades  since 
launching  its  line  in  January  2002. 
Recent  customers  include  Ag- 
Research, Telecomputing  ASA  and 
Hostopia.com,  HP  said.  IBM  says  it 
has  sold  42,000  blades  since  Decem¬ 
ber  2002.  Pricing  for  a  single-proces¬ 
sor  2.8G-Hz  ProLiant  BL20p  with 
512M  bytes  of  memory  and  a  36.4G- 
byte  hard  drive  starts  at  $2,400.  With 
the  2G  bit/sec  Fibre  Channel  card,  it 
costs  $3,400. 


Platform  Management  Interface  is  a  stan¬ 
dard  that  industry  observers  say  is  becom¬ 
ing  increasingly  useful  as  organizations 
look  for  ways  to  streamline  management 
and  cut  costs  in  the  data  center. 

It’s  not  exciting:  IPM1  deals  with  monitor¬ 
ing  basic  server  parts  such  as  CPU,  fan,  volt¬ 
age  and  temperature.  Analysts  say  it  can 
help  reduce  costs  by  letting  administrators 
remotely  manage,  diagnose  and  reboot 
servers  whether  the  operating  system  is 
running  or  the  system  has  crashed.  It  does 
it  regardless  of  platform. 

Users  might  have  IPMI  running  on  their 
servers  and  not  even  know  it.  Today,  sys¬ 
tems  vendors  for  the  most  part  do  not 
actively  promote  the  standard,  although  it 
increasingly  is  being  embedded  into 
servers,  storage  and  other  network  devices. 

“It’s  amazing  how  little  is  known  in  cor- 


■  BY  PHIL  HOCHMUTH 

Start-up  ExaGrid  is  looking  to  change  the 
way  businesses  handle  data  backup  and 
recovery  with  a  grid-computing  system  for 
storage. 

The  company,  which  launched  last 
month,  has  designed  what  it  calls  a  Grid 
Protected  Storage  architecture:  a  mix  of 
standards-based  servers,  disks,  Ethernet 
switching  and  WAN  technology  fashioned 
into  an  end-to-end  system  for  replicating 
data  to  remote  sites.  ExaGrid  says  its  system 
is  faster  and  more  reliable  than  disk-to-tape 
or  disk-to-disk  back-up  technologies. 

The  company’s  concept  involves  two 
basic  hardware  components.  One  is  the 
GRIDfiler,  a  lT-byte  Windows-based  Dell 
server  running  as  a  network-attached 
storage  appliance.  These  stackable 
servers  connect  via  Gigabit  Ethernet  in  a 
rack,  which  is  managed  virtually  as  a  larg¬ 
er  disk  array.  Gigabit  Ethernet  also  con¬ 
nects  the  GRIDfiler  racks  to  a  LAN  and  to 
the  other  ExaGrid  component,  the 
GRIDdisk,  which  is  a  larger  array  of  Linux- 
based  servers. 

GRIDdisks  are  the  archive  repositories  in 
the  system,  and  can  be  managed  and  con¬ 
figured  virtually  through  ExaGrid’s  soft¬ 
ware.  Local  network  storage  would  be  con¬ 
figured  on  the  GRIDfilers  —  such  as  shared 
drives  on  a  LAN  —  and  back-up  jobs 


porate  IT  about  IPMI,”  says  Ulrich  Seif,  CIO 
at  National  Semiconductor  in  Santa  Clara. 
“IPMI  might  be  one  of  the  least-known 
standards  in  the  industry’ 

IPMI  is  a  message-based  hardware  man¬ 
agement  interface  that  is  implemented  at 
the  silicon  level  and  uses  a  baseboard 
management  controller,  which  is  a  small 
processor  that  sets  up  IPMI  as  a  subsystem 
independent  of  the  server’s  CPU  or  operat¬ 
ing  system  (see  graphic,  page  22).  It 
enables  remote  monitoring,  management 
and  recovery  capabilities,  regardless  of  the 
status  of  the  server. 

Dell,  HR  Intel  and  NEC  are  behind  the 
standard,  which  was  created  in  1998  to 
provide  an  alternative  to  the  proprietary 
management  tools  each  server  manufac¬ 
turer  offers.  In  the  past,  IT  managers  had  to 
use  multiple  tools  to  manage  heteroge- 


would  be  scheduled  incrementally  to  the 
GRIDdisk  arrays.  The  company  says  its 
hardware  also  can  be  controlled  through 
other  storage  and  back-up  management 
software  from  vendors  such  as  Legato 
Systems,  Oracle  and  Veritas  Software. 

Off-site  back-up  jobs  also  can  be  config¬ 
ured  among  GRIDdisk  arrays  at  remote 
sites  over  a  company’s  existing  WAN  con¬ 
nection.  By  backing  up  only  data  that 
changes  among  remote  GRIDdisk  arrays, 
bandwidth  is  conserved,  according  to 
ExaGrid  CTO  DaveTherrien. 

Because  backups  are  written  to  disk 
drives,  recovery  of  data  is  80%  more  accu¬ 
rate  and  up  to  1,000  times  faster  than  data 
recovery  using  tape  drives,  he  says.  A 
patent  pending  data  checksum  tech- 


neous  systems.  About  150  vendors  have 
adopted  IPMI,  which  enables  cross-plat¬ 
form  management. 

IPMI  can  be  exposed  through  any  stan¬ 
dard  management  software  interface  such 
as  Common  Information  Model, SNMP  and 
Windows  Management  Instrumentation.  It 
can  feed  into  higher-level  management 
software  such  as  HP’s  OpenView. 

Industry  observers  say  the  latest  iteration 
of  the  specification  might  be  what  finally 
pushes  it  onto  the  radar  screen  of  network 
executives.  IPMI  2.0,  unveiled  at  the  Intel 
Developers  Forum  earlier  this  year,  is 
expected  to  be  ratified  by  its  promoters  by 
the  middle  of  next  year.  It  is  the  third  itera¬ 
tion  of  the  specification  that  took  a  giant 
step  forward  with  its  last  update  when  it 
enabled  management  of  servers  via  the 

See  IPMI,  page  22 


nique  is  used  to  ensure  that  no  corrupt 
data  is  archived, Therrien  says. 

Founded  in  2002,  ExaGrid  is  backed  by 
venture  capital  funding  and  says  it  has  sev¬ 
eral  early  customers  using  its  product,  in¬ 
cluding  the  medical  imaging  department 
at  Boston’s  Massachusetts  General  Hospital 
and  The  First  Years,  a  Massachusetts-based 
manufacture  of  baby  products. 

Grid  Protected  Storage  will  be  delivered 
as  a  whole  system  —  racks  of  GRIDfilers 
and  GRIDdisks,  with  network  hardware 
included  —  or  users  will  be  able  to  buy 
their  own  hardware  and  integrate  the 
ExaGrid  software. 

The  company  plans  to  start  general  prod¬ 
uct  shipping  next  year.  Pricing  has  not  yet 
been  determined  ■ 


Start-up  manages  storage  with  grids 

Mix  of  servers,  disks  and  WAN  technology  replicates  data  to  remote  sites. 


■ 

PROFILE: 

EXAGRID 

Location: 

Westborough,  Mass. 

Founded: 

2002 

Product: 

Grid  Protected  Storage  system,  based  on  standard  PC  hardware 
and  software,  plus  proprietary  management  software. 

Key  personnel: 

CEO  Jim  Pownell  and  CTO  DaveTherrien,  both  formerly  vice 
presidents  at  now-defunct  StorageNetworks. 

Funding: 

$8.5  million  Series  A  funding  from  Highland  Capital  and  Sigma 
Partners. 
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IBM  recommends  Microsoft® 
Windows®  XP  Professional 
for  Business. 

NEW!  IBM  ThinkPad  R40 

Distinctive  IBM  innovations: 

•  Access  Connections  -  Easiest  wired 
and  wireless  connectivity 

•  IBM  Embedded  Security  Subsystem  2.0’  - 
Strongest  security  as  a  standard  feature 
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•  Intel  Pentium  ’  M  processor  1 ,40GHz2 

•  Intel  PRO/Wireless  Network  Connection  802.11b3 

•  Microsoft"  Windows®  XP  Professional4 

•  14.1"  XGA  TFT  display  (1024x768) 

•  256MB  DDR  SDRAM 

•  20GB5  hard  drive 

•  Ultrabay™  Plus  CD-RW/DVD-ROM  combo 

•  IBM  UltraNav™  -  TrackPoint  and  touch  pad 

•  1-yr  system/battery  limited  warranty7 

$1,279*  m  NavCode  289793U-M580 

Recommended  Option: 

•  ServicePac”  Service  Upgrade:8 
3-yr  Depot  Repair  #30L9192  *132 


NEW!  IBM  ThinkPad  T41 

Distinctive  IBM  Innovations: 

•  Access  Connections  -  Easiest  wired 
and  wireless  connectivity 

•  IBM  Embedded  Security  Subsystem  2.0'  - 
Strongest  security  as  a  standard  feature 

System  Features: 

•  Intel  Centrino  mobile  technology 

•  Intel  Pentium  M  processor  1.40GH22  • 

•  Intel  PRO/Wireless  Network  Connection  802.11b 

•  Microsoft1  Windows  ’  XP  Professional 

•  14.1"  XGA  TFT  Display  (1024x768) 

•  256MB  DDR  SDRAM 

•  NEW!  40GB  hard  drive  with  IBM  Hard  Drive 
Active  Protection  System 

•  Ultrabay  Slim  CD-RW/DVD-ROM  combo 

•  Only  1 "  thin6  •  4.5-lb  travel  weight6 

•  1-yr  system/battery  limited  warranty7 

$1,769*  ■  NavCode  2378DHU-M580 
Recommended  Option: 

•  ServicePac-  Service  Upgrade: 

3-yr  Onsite  Repair/9x5/Next  Business. 

Day  Response  #30L9195  *243 


‘These  services  are  available  tor  machines  normally  used  for  business,  professional  or  trade  purposes,  rather  than  personal,  family  or  household  purposes.  Service  period  begins  with  the  equipment  date  of  purchase.  If  the  machine  problem  turns 
out  to  be  a  Customer  Replaceable  Unit  (CRU),  IBM  will  express  ship  the  part  to  you  for  quick  replacement.  Onsite  24x7x2-hour  service  is  not  available  in  all  locations.  For  ThinkPad  notebooks  requiring  LCD  or  other  component  replacement,  IBM 
may  choose  to  pertorm  service  at  the  depot  repair  center.  ‘Standard  shipping  included  when  you  order  online.  U.S.  only.  IBM  reserves  the  right  to  alter  product  offerings  and  specifications  at  any  time,  without  notice.  IBM  is  not  responsible  for 
photographic  or  typographic  errors.  All  IBM  product  names  are  registered  trademarks  or  trademarks  of  International  Business  Machines  Corporation  in  the  U.S.  and  other  countries.  Lotus  and  SmartSuite  are  registered  trademarks  of  Lotus 
Development  Corporation,  an  IBM  company.  Intel,  Intel  Inside,  the  Intel  Inside  logo,  Intel  Celeron,  Intel  Centrino,  the  Intel  Centrino  logo  and  Pentium  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  U.S  and 
other  countries.  Microsoft  and  Windows  are  trademarks  or  registered  trademarks  of  Microsoft  Corporation.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©  2003  IBM  Corp  All  rights  reserved. 
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WIRED 

WINDOWS 

Dave 

Kearns 


We  don’t  need  new  technology;  we 
need  to  use  the  technology  we 
have  better. 

I  just  got  off  the  phone  with  a  technol¬ 
ogy  support  operation.  As  most  of  you 
know,  the  automated  telephone  systems 
are  built  by  specialists  who  go  to  college 
to  learn  how  to  design  “menu  choices” 
that  don’t  relate  to  the  real-world  prob¬ 
lems  you  are  trying  to  solve  (press  “1”  if 
your  telephone  handset  is  no  longer 
operational). 

This  is  supposedly  state-of-the-art  tech¬ 
nology  to  route  your  call  most  efficiently. 
While  many  calls  can  be  handled  auto- 


Galling  for  real  tech  support 


matically  (account  balance,  due  date, 
appointment  status,  nearest  office  and  so 
on),  most  of  my  calls  don’t  fit  those 
descriptions  (I  use  the  automated  Web 
services  for  those).  I’ve  got  two  gripes 
having  to  do  with  a  technology  that  isn’t 
in  the  least  bit  “state  of  the  art”:  caller  ID. 
Most  businesses  use  a  telephone  number 
as  an  index  into  the  accounts  database. 

My  first  gripe  is  that  I  have  to  sit  in  the 
phone  queue  listening  to  some  automat¬ 
ed  voice  tell  me  how  long  1  have  to  wait 
(“wait  time  is  currently  10  minutes  or 
more”) .You’ve  got  my  phone  number,  just 
call  me  back  when  the  wait  time  is  up! 
The  inexpensive  handset  on  my  desk  can 
auto-dial  the  last  caller  (or  any  of  the 
phone  numbers  I’ve  captured  with  caller 
ID),  and  so  can  your  business  phone  sys¬ 
tem. You’ve  automated  the  phone  to  save 
you  time;  now  think  about  my  time. 

Somewhere  during  the  maze  of  menu 


choices  the  automated  voice  will  say  “In 
order  to  serve  you  better,  please  enter 
your  77-digit  account  number.” 

So  you  do,  but  you  have  to  do  it  four 
times  because  you  always  mis-key  a  num¬ 
ber  or  two. Then,  20  minutes  later,  when  a 
human  picks  up  the  phone  the  first  thing 
they  ask  you  for  is  the  account  number. 

Ten  years  ago  I  was  writing  applica¬ 
tions  that  captured  the  phone  number, 
looked  up  the  account,  forwarded 
the  call  (via  the  phone  switch)  to  a  tech¬ 
nician  while  routing  the  account  infor¬ 
mation  to  the  tech’s  desktop  PC.  Pick  up 
the  phone,  and  the  account  details 
appear  on  screen. That  was  10  years  ago. 
Yet  no  one  seems  capable  of  doing  that 
today. 

When  I’m  frustrated  enough  to  call  tech 
support, don’t  add  to  my  frustration.  Use  the 
technology  for  my  good,  which  actually 
could  improve  your  bottom  line. 


www.nwfusion.com  | 


Kearns,  a  former  network  administrator, 
is  a  freelance  writer  and  consultant  in 
Silicon  Valley.  He  can  be  reached  a 
wired@uquill.  com. 


Tip  of  the  Week 


I’ll  be  deciding  on  2003's 
Networking  MVP  (see 
www.nwfusion.com,  Doc- 
Finder:  8728)  over  the  next 
few  weeks.  If  you  have  an 
opinion  on  who  has  done  the 
most  to  further  their  organi¬ 
zation's  network  agenda  this 
year,  drop  me  a  note.  The 
award  will  be  announced  in 
the  Jan.  12  column. 


Under  the  server  cover 


The  Intelligent  Platform  Management  Interface  (IPMI)  provides  a  standard 
way  to  monitor  servers  regardless  of  platform. 


IPMI  firmware  runs  on  a  baseboard  management  controller,  a  small 
processor  on  the  system  board  that  sets  up  IPMI  as  a  subsystem 
within  the  server. 


Z^Tl 


Software  connectors  can  enable  IPMI 
to  feed  into  higher-level  management 
systems  such  as  HP’s  OpenView  and 
Computer  Associates’  Unicenter. 


Server 


Because  IPMI  operates  independent  of 
the  system,  it  provides  administrators 
with  the  ability  to  monitor,  manage, 
diagnose  and  recover  systems  even  if  the 
operating  system  has  hung  or  the  server 
is  off.  IPMI  can  be  used  to  monitor 
components  such  as  CPUs,  memory,  hard 
disk,  fan  and  power  supply. 


SOURCE:  OSA  TECHNOLOGIES 


Management 

console 


Radvision 
updates  video¬ 
conferencing 
appliance 

■  BY  PHIL  HOCHMUTH 

Radvision  last  week  announced  new  ver¬ 
sions  of  its  IP  videoconferencing  appli¬ 
ance  that  can  be  used  to  add  ISDN  or  IP 
videoconferencing  to  an  enterprise  net¬ 
work,  with  support  for  up  to  10  or  20  simul¬ 
taneous  users. 

The  Radvision  Invision  appliances,  the  In¬ 
vision  100  and  400,  are  1U  appliances  that 
can  support  videoconferencing  setup  and 
management,  and  IP  gateway  features  in 
one  box. 

The  appliances  can  be  used  to  set  up 
videoconferencing  for  up  to  20  users,  with 
each  conference  participant  receiving  up 
to  768K  bit/sec  of  video  bandwidth.  The 
Invision  100  supports  up  to  10  users,  while 
the  400  model  supports  20. 

Both  appliances  can  support  ISDN 
videoconferencing  protocols,  such  as 
H.320,  and  H.323  video  protocol  and 
voice  over  IPThe  appliances  also  support 
Session  Initiation  Protocol,  although  it  is 
not  a  standard  configuration. 

The  hardware  includes  up  to  four  Basic 
Rate  Interface  or  two  Primary  Rate  Inter¬ 
face  ISDN  connections. 

An  H.323  IP  gateway  is  embedded  in 
both  devices. 

The  devices  also  have  a  built-in  man¬ 
agement  interface,  which  can  be  used  to 
schedule  and  manage  videoconferenc¬ 
ing  activities.This  Web-interface  also  can 
be  used  to  monitor  network  activity  and 
performance. 

Both  the  Invision  100  and  400  are  priced 
starting  at  $44,500. ■ 


IMPI 

continued  from  page  19 

network.  To  get  IPMI  capabilities,  adminis¬ 
trators  previously  had  to  be  working  on  the 
system  itself  or  connecting  through  a  serial 
port,  says  Steve  Rokov,  director  of  market¬ 
ing  at  OSA  Technologies,  which  makes 
IPMI  software  and  firmware. 

“This  offered  a  way  to  extend  accessibil¬ 
ity  over  the  LAN,”  Rokov  says. “So  adminis¬ 
trators  could  be  at  the  farthest  reaches  of 
the  enterprise  and  could  still  monitor  and 
manage  their  servers.” 

But  security  issues  dogged  some  IT  man¬ 
agers  who  implemented  at  the  specifica¬ 
tion.  IPMI  2.0  addresses  security  concerns, 
Rokov  says.  It  supports  encryption  and  re¬ 
quires  authentication  before  allowing  ac¬ 
cess  to  the  baseboard  management  con¬ 
troller.  IPMI  2.0  also  supports  virtual  LANs 
(VLAN). 

“Like  Rosettanet/XML-enabled  transac¬ 
tions  on  the  business  application  side,  IPMI 
provides  a  standardized  interface  to  the 
Vitals’  of  a  system.  Support  of  encryption 
[Advanced  Encryption  Standard]  and  au¬ 
thentication  [via  SHA-1]  together  with 
VLAN  capability  now  add  the  right  feature 
set  to  allow  an  administrator  to  leverage 
the  IPMI  functionality  securely  over  the 
network,”  National’s  Seif  says.  “All  these 
capabilities  will  be  embraced  by  adminis¬ 
trators.  Who  wouldn’t  want  to  remotely  and 
securely  administer  a  server  in  trouble?” 

Jonathan  Eunice,  president  and  principal 
analyst  at  Illuminata,  says  IPMI  is  letting 


companies  such  as  Amphus,  a  server  man¬ 
agement  software  company  create  cross¬ 
platform  server  management  consoles.  But 
he  questions  where  IPMI  will  play  as  ven¬ 
dors  get  more  serious  about  managing  het¬ 
erogeneous  systems. 

“I  don’t  think  IPMI  is  sufficiently  rich  and 
complete  to  be  the  end-all  of  server  man¬ 
agement,  much  less  the  broader  field  of  IT 
infrastructure  management,”  he  says.“Most 
OEMs  creating  server  coordination  plat¬ 
forms  —  HP  with  Systems  Insight  Manager 
or  IBM  with  IBM  Director,  for  example  — 
have  to  use  additional  or  other  instrumen¬ 
tation  mechanisms,  both  for  basic  opera¬ 
tions  like  software  distribution  and  plat¬ 
form  monitoring, and  for  higher-level  oper¬ 
ations  like  partition/ [virtual  machine] 


management  and  [quality-of-service]- 
based  provisioning. 

“IPMI  is  one  of  dozens  of  platform-level 
standards  with  which  the  vendors  must 
concern  themselves,  but  it  doesn’t  work  at 
a  high  enough  level  that  most  IT  managers, 
architects,  or  decision-makers  need  to 
think  about  it  very  often,  if  eveif  he  says. 

Aberdeen  Group  analyst  Peter  Kastner 
says  IT  managers  should  start  paying  atten¬ 
tion  to  the  standard.  In  a  white  paper  on 
standards-based  computing  published  in 
August,  Kastner  wrote  that  about  half  the 
cost  of  running  a  data  center  today  is  asso¬ 
ciated  with  paying  the  people  who  operate 
and  administer  the  systems.  IPMI-enabled 
devices  would  help  reduce  those  manage¬ 
ment  headaches,  he  says. 

“With  more  than  150  adopter  compa¬ 
nies,  IPMI  support  should  be  a  checklist 
requirement  by  IT  managers  when  evalu¬ 
ating  server  infrastructure,”  he  says.  “IPMI 
helps  enable  management  software  that 
works  across  heterogeneous  server  sys¬ 
tem  hardware.” 

According  to  OSA  Technologies,  30%  of 
all  servers  shipped  worldwide  have  IPMI, 
and  the  numbers  are  predicted  to  be  at 
70%  by  year-end  2004.  ■ 


NewsOalerts 

Hate  hunting  for  stories  on  a  specific  topic?  Let  the  news  come  to  you 
with  Network  World’s  latest  news  alerts  —  with  focuses  on  security, 
financials,  standards,  trade  show  news  and  vendor-specific  news. 
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Tech  Friendly  because... 


Desktop  Color  & 
B&W  Printers 


•Common  User  Interface 


•Universal  Print  Driver 


•Integrated  Wireless  Solutions 


Workgroup  Printers 


•Cartridge-Free  Drum  Design 


High-Speed 
Departmental  Printing 


•Very  Low  Cost  of  Ownership 


Technology  so  advanced, 
it’ll  make  you  smile. 

Tech  people  face  a  world  of  many 
demands  and  little  time.  Our  all-digital 
line  of  printers,  copiers  and  MFP’s  are 
highly  reliable  and  ready  for  network 
use,  either  wired  or  through  our 
embedded  wireless  technology. 

Kyocera  Mila  uses  advanced  technology 
to  make  life  simple  and  productive. 

Everything  we  do  is  aimed  at  making 
things  less  complex.  Examples?  A  single 
driver  operates  all  our  devices.  NetViewer™ 
software  administers  our  systems  across 
your  network  in  real  time.  The  list  is 
long.  And  it’s  how  we’ve  made  so  many 
friends  in  the  MIS/IT  department. 

Tech  friends  meet  at: 
www.  kyocera  m  ita.co  m/us 


The  New  Value  Frontier 

$  KyocERa 


KYOCERA  MITA  AMERICA,  INC. 
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The  right  management  can  put  you  in  control  of  your  infrastructure, 
not  the  other  way  around. 

Unicenter®  Infrastructure  Management  Software 

So  long,  mayhem.  Managing  on-demand  computing  is  here.  Unicenter  infrastructure  management  software  lets  you  take  control 
of  your  infrastructure  so  you  can  be  more  responsive  to  business.  With  automation  and  self-healing  capabilities  Unicenter  can 
help  control  costs  and  empower  you  to  do  more  with  less.  Unicenter  also  lets  your  infrastructure  react  to  changes  in  real  time, 
so  your  IT  and  business  priorities  are  always  in  sync.  Finally,  it  is  based  upon  a  service-oriented  architecture  that  simplifies 
your  IT  environment,  so  your  infrastructure  is  easier  to  manage.  To  learn  how  to  get  more  value  out  of  your  infrastructure, 
or  to  get  a  white  paper,  go  to  ca.com/infrastructure. 

Computer  Associates® 

©  2003  Computer  Associates  International,  Inc.  (CA).  All  rights  reserved. 
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■  PORTALS  ■  MESSAGING/GROUPWARE 

■  E-COMMERCE  ■  SECURITY 

■  MIDDLEWARE  ■  DIRECTORIES 

■  NETWORK  AND  SYSTEMS  MANAGEMENT 

■  WEB  SERVICES 


Tackling  app  performance  mgmt. 

Research  shows  IT  managers  need  to  start  building  better  application  management  into  their  infrastructures. 


Cause  and  effect 

IT  managers  in  a  recent  survey  indicated  numerous 
causes  behind  application  performance  degradation. 


Configuration  and 
tuning  problems 

11.9% 


Architecture 

10.4% 


Database 

connections 

9.9% — 

Design 

problems 

9.0% 

Memory  leaks 

7.1% 


Application 
code  bugs 

13.7% 


Other 

38.0% 


SOURCE:  WILY  TECHNOLOGY 
SURVEY  OF  360  J2EE  USERS 


6.5%  Capacity  planning 
miscalculations 

5.3%  Java  Virtual  Machine 
issues 

5.1%  Out-of-memory 
conditions 

3.6%  Lack  of  bandwidth 
behind  the  firewall 

3.3%  Hung  threads 

3.3%  Connector  problems 

3.0%  Connections  to 
mainframes 

2.7%  Connections  to  third- 
party  partners 

2.0%  Hardware  failure 

2.0%  Operating  system 
bugs 

1.2%  Viruses,  hacks, 
intrusions 


Olympic  net  gets  gold 
security  protection 


■  BY  DENISE  DUBIE 

It  used  to  take  Michael  Lubanski  up  to  30 
hours  trying  to  pinpoint  the  source  of  poor 
application  performance  in  Towers  Perrin’s 
benefits  administration  application.  Now 
the  process  can  take  less  than  30  minutes. 

The  time-saver,  Lubanski  says,  is  software 
called  RealiTea  from  TeaLeaf  Technology 
that  captures  application  traffic  in  real  time 
and  shines  a  light  on  the  cause  of  poor  per¬ 
formance  —  whether  an  application  or  a 


■  NetPro  Computing  last  week 
released  Version  3.0  of  its 

DirectoryLockdown  tool  for 

Microsoft’s  Active  Directory.  The  tool 
monitors  the  Configuration  and 
Schema  Naming  Contexts  in  the 
directory  and  prevents  unauthorized 
changes.  This  can  protect  companies 
against  denial-of-service  attacks, 
security  breaches  and  service  inter¬ 
ruptions.  Companies  can  set  the 
software  to  shut  down  the  directory 
if  a  breach  is  detected  or  to  send  an 
alert  to  an  administrator.  NetPro 
also  includes  a  module  so  the  tool 
can  plug  into  Microsoft  Operations 
Manager,  a  network-monitoring  tool. 
The  software  supports  Windows 
2000  and  2003.  Pricing  starts  at  $9 
per  user. 

■  Cafesoft  has  shipped  Cams 
Apache  2.0,  which  supports  single 
sign-on  security  across  Apache  2.0 
Web  servers.  The  software  works 
with  a  farm  of  Apache  servers  or 
between  Apache  2.0  and  other  Web 
and  Java  2  Platform  Enterprise 
Edition-based  servers.  Cams  works 
with  Lightweight  Directory  Access 
Protocol  v3-comp!iant  directory 
servers  and  SOL  databases.  The 
software  features  role-based  access 
control,  centralized  security  policy 
administration  and  logging  capabili¬ 
ties.  Pricing  starts  at  roughly  $3,000 
per  server. 


Web  server,  load  balancer,  middleware  or 
another  piece  of  the  complex  environ¬ 
ment  supporting  online  applications. 

“We  used  to  just  pick  a  place  and  start 
digging,  but  the  software  gives  us  the  point 
of  view  of  the  application  and  eliminates 
the  problem  of  us  not  seeing  the  problem,” 
says  Lubanski,  manager  of  enterprise  mon¬ 
itoring  at  the  human  resources  consulting 
and  benefits  administration  firm  in 
Philadelphia. 

Lubanski  s  problem  is  a  common  one.  A 
recent  study  shows  that  IT  managers 
spend  about  30%  of  their  workweek  man¬ 
aging  applications.  The  same  report  also 
shows  that  about  30%  of  application  per¬ 
formance  problems  cannot  be  identified 
or  resolved  within  a  day  Wily  Technology, 
a  maker  of  application  performance  man¬ 
agement  (APM)  software,  conducted  the 
survey  of  360  IT  managers,  which  says  the 
causes  of  poor  performance  are  varied 
(see  graphic,  right). 

The  good  news  is  that  a  flood  of  new 
vendors  and  products  emerged  in  the 
past  year  to  tackle  application  perfor¬ 
mance  problems.  Research  from  APM 
Advisors,  a  new  market  research  firm  in 
Portland, Ore., reports  more  than  100  com¬ 
panies  now  offer  APM  hardware  and  soft¬ 
ware  in  nine  product  categories,  which 
range  from  software  products  that  collect 
information  to  network  appliances  that 
speed  application  traffic. 

The  company  attempts  to  make  sense  of 
the  products  and  how  each  addresses  a  dif¬ 
ferent  aspect  of  APM  in  a  recent  paper  that 
says  enterprise  IT  managers  need  to  build 
application-aware  infrastructures. 

“IT  managers  can’t  afford  to  keep  over¬ 
laying  tools  to  get  a  handle  on  application 
performance,” says  Lynn  Nye, president  and 
founder  of  APM  Advisors.“Application  man¬ 
agement  has  to  be  part  of  the  infrastruc¬ 
ture;  it  can’t  be  an  afterthought  or  solved 
with  disparate  products  placed  on  top  of 
the  infrastructure.” 

Nye  says  APM  products  today  provide 
information  through  passive  data  collec¬ 
tors  and  to  some  degree  control  with  load¬ 
balancing  and  traffic-management  soft¬ 
ware.  Resolving  application  performance 
degradation  involves  collecting  data  from 
multiple  sources,  usually  through  the  use 
of  software  agents  on  servers  and  network 
probes,  and  correlating  the  information  to 
find  the  common  behavior  patterns.  Yet 

See  APM,  page  26 


■  BY  ELLEN  MESSMER 

Imagine  spending  three  years  and  mil¬ 
lions  of  dollars  to  plan  a  campus-style  LAN 
for  10,500  PCs  and  900  servers,  knowing  it 
would  only  be  in  place  for  three  weeks, 
with  thousands  of  TV  and  magazine 
reporters  watching  to  see  if  it  works? 

That’s  what  SchlumbergerSema  has 
taken  on  as  the  IT  systems  and  security 
integrator  for  next  summer’s  Olympics  in 
Athens,  Greece. 

SchlumbergerSema,  which  is  working 
with  Greek  telecom  operator  OTE  to  build 
an  IP-based  network  for  the  Olympic 


More  online! 

Trying  to  re-architect  your  data  center?  Attend  our 
free  seminar  to  learn  some  surefire  strategies. 

DocFinder:  8635 


Village,  is  in  charge  of  the  security  system 
based  on  bar-code  badge  readers  to  keep 
track  of  the  200,000  athletes,  coaches, 
sports  media  and  volunteers  given  admit¬ 
tance  to  authorized  venues  and  buses. 
There  are  more  than  3,000  IT  personnel 
working  with  SchlumbergerSema  (350  are 
SchlumbergerSema  employees)  to  ensure 
200  Cisco  routers,  1 ,600  Cisco  switches,  24 
Check  Point  firewalls  and  120  intrusion- 
detection  systems  (IDS)  from  assorted  ven¬ 
dors  are  properly  installed  well  before  the 
games  begin. 

“Our  job  is  to  protect  the  information  and 
data  resources,  which  includes  the  list  of 
competitors  and  information  on  family 
members  coming  to  the  games,"  says  Jean 
Chevallier,  vice  president  at  Schlumberger¬ 
Sema.  The  database  of  information  on 
200,000  people  also  will  contain  sensitive 
passport  information  and  medical  records. 

Reporters  covering  the  Olympics  will  use 
PCs  and  kiosks  on  the  network  to  get  com¬ 
petition  results,  historical  information  and 
background  on  the  competitors  that  will 
be  stored  in  Unix,  Solaris  and  Windows  NT 
servers.  Although  the  PCs  and  servers  will 
have  anti-virus  software  from  Computer 
See  SchlumbergerSema,  page  26 
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Is  there  a  viable  business  model  for 
commercial  ISPs  in  an  end-to-end 
!nternet?Telephone  carriers  looking  for¬ 
ward  to  an  Internet-based  future  don’t 
seem  to  think  so.  Instead,  the  carriers  are 
looking  for  ways  to  be  in  the  loop  as  con¬ 
tent  or  services  providers. 

But  there  might  be  other  options. 

A  purist’s  Internet  is  an  end-to-end  ser- 
vice.You  set  up  a  service, while  I  access  and 
use  it.  Maybe  I  pay  you  for  using  it.  As  long 
as  I  use  standard  Internet  protocols  no  ISP 
between  you  and  me  knows  that  you  are 
offering  the  service,  that  I’m  using  it  or  that 
I’m  paying  you  to  use  it. 

No  ISP  gets  part  of  whatever  fee  I’m  pay¬ 
ing  you.  I  pay  my  ISP  for  Internet  connec¬ 


Utopia,  except  for  the  phone  companies 


tivity,  and  you  pay  yours  for  Internet  con¬ 
nectivity.  If  there  are  other  ISPs  in  between 
they  do  not  receive  any  specific  chunk  of 
the  money  we  pay  to  our  ISPs.  Our  ISPs 
might  buy  connectivity  from  them,  but  the 
fee  for  that  connectivity  does  not  change 
based  on  what  our  ISPs  collect  from  us.  So 
ISP  service  is  basically  a  commodity  and 
it’s  hard,  although  not  impossible,  to  make 
money  selling  a  commodity 

It  costs  a  lot  to  build  an  ISR  particularly 
one  that  can  offer  very  high-speed  service. 
That  takes  fiber-optic  cable,  and  fiber  is 
expensive  to  buy  and  install.  Customers, 
especially  residential  customers,  are  reluc¬ 
tant  to  pay  enough  to  make  installing  such 
networks  economically  viable. 

There  is  an  alternative  to  the  carriers 
installing  the  fiber  themselves  that  is  get¬ 
ting  more  popular  and  might  get  even 
more  so  depending  on  the  outcome  of  an 
upcoming  Supreme  Court  case. 

If  carriers  cannot  afford  to  put  in  fiber  or 
are  unwilling  to  do  so  because  they  don’t 


think  customers  will  make  it  worthwhile, 
then  why  not  have  someone  else  install  the 
fiber  and  lease  it  to  ISPs?  The  Nov.  17  New 
York  Times  carried  a  story  about  plans  by  18 
cities  in  Utah  to  install  a  fiber  infrastructure 
called  UTOPIA  (Utah  Telecommunications 
Open  Infrastructure  Agency)  that  would 
reach  248,000  households  and  34,500  busi¬ 
nesses  (see  related  story  at  www.nw 
fusion.com,  DocFinder:  8725). A  lot  of  other 
municipalities  would  like  to  do  the  same, 
but  this  concept  caused  the  phone  compa¬ 
nies  to  pull  a  nutty  and  get  laws  adopted  in 
10  states  so  far  that  block  governmental 
entities  from  competing  with  local  tele¬ 
phone  companies. 

The  legality  of  such  restrictions  is  now  in 
front  of  the  U.S.  Supreme  Court  as  Nixon  v. 
Missouri  Municipal  League.  Arguments  in 
the  case  are  scheduled  to  be  heard  Jan.  12. 
Information  on  the  case  can  be  found  at 
DocFinders:  8726  and  8727. 

The  California  “One  Gigabit  or  Bust 
Initiative”  represents  another  type  of  effort. 


This  is  an  effort  to  fiber  up  every  educa¬ 
tional  institution,  business  and  home  in 
California  by  2010.  As  a  nongovernmental 
project  it  does  not  have  the  same  legal 
issues,  but  still  would  create  an  infrastruc¬ 
ture  instead  of  waiting  for  the  phone  com¬ 
panies  to  do  so. 

The  background  studies  for  the 
California  project  foresee  very  large  returns 
to  society  for  installing  very  high-speed  net¬ 
works,  but  not  enough  of  these  returns 
would  flow  to  the  carriers  to  make  it  possi¬ 
ble  for  them  to  do  the  job  on  their  own.  A 
related  question  is:  What  value  do  the 
phone  companies  bring  to  the  table  in  this 
case?  You  can  guess  my  answer  to  that. 

Disclaimer:  At  least  some  people  think 
Harvard  has  value  (in  addition  to  its  en¬ 
dowment),  but  this  guessing  game  is 
mine. 

Bradner  is  a  consultant  with  Harvard 
University’s  University  Information  Systems. 
He  can  be  reached  at  sob@sobco.com. 
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until  recently  most  APM  tools  used  for  per¬ 
formance  monitoring,  application  acceler¬ 
ation  and  systems  management  worked 
independently. 

Products  such  as  Packeteer’s  Packet- 
Shaper,  which  associates  IP  addresses  and 
conversations  to  identify  and  manage 
flows  between  resources,  now  includes 
compression  technology  (which  speeds 
application  response  time  and  delivery). 

The  company  also  developed  Secure 
Sockets  Layer  acceleration  technology 
which  while  now  packaged  separately, 
could  become  part  of  the  Packeteer’s  flag¬ 
ship  products.  Companies  such  as  Fine- 
ground  Networks,  NetScaler  and  Redline 
Networks  also  cache  and  speed  applica¬ 
tion  content  to  improve  response  time. 

The  trend  is  to  attack  application  perfor¬ 
mance  with  a  variety  of  technologies 
installed  across  the  infrastructure, yet  work¬ 
ing  together  toward  the  same  goal.  While 
network  appliances  can  watch  traffic 
between  resources,  Nye  says  software  on 
servers  and  desktops  is  the  best  route  to 
take  when  preparing  a  network  for  appli¬ 
cation  management.  New  companies  such 
as  Cerberian,  which  provides  Web-filtering 
capabilities,  work  to  incorporate  the  end- 
user  perspective  into  the  overall  perfor¬ 
mance  rating  of  an  application. 

"Putting  in  software,  whether  it’s  turned 
on  on  every  desktop  or  not,  is  far  less 
expensive  than  putting  hardware  in  every 
remote  location,”  Nye  say's.  APM  Advisors’ 
vision  of  an  integrated  APM  infrastructure 
is  just  emerging  as  enterprise  IT  managers 
continue  to  slowly  chip  away  at  their  APM 
problems. 

APM  software  gave  Towers  Perrin's 
Lubanski  the  persp-  ctive  he  couldn’t  get 
by  cobbling  data  collected  by  network  and 
systems  management  tools  together.  He’s 


enjoying  success  with  the  TeaLeaf  software 
managing  one  application.  His  company 
which  supports  about  10,000  employees 
across  90  locations  and  welcomes  more 
than  1  million  users  to  its  Web  site,  will 
need  to  roll  out  the  TeaLeaf  software  to  get 
perspective  on  multiple  applications  and 
predict  their  behavior. 

Lubanski  used  to  rely  on  synthetic  tests, 
or  scripts  that  make  requests  to  an  appli¬ 
cation  and  act  as  an  end  user  might,  to 
gather  information  on  how  an  application 
behaves.  However,  the  speed  with  which 
Web  applications  process  information  and 
the  lack  of  “real”  data  being  delivered 
caused  him  to  try  TeaLeaf. 

“As  more  and  more  apps  came  onboard 
and  the  more  things  went  live,  we  realized 
the  scripts  only  tested  a  single  function. 
There  is  too  much  going  on  behind  the  app 
to  test  function  by  function,”  he  says.  By 
integrating  TeaLeaf  into  NetlQ’s  App- 
Manager,  Lubanski  says  he  hopes  to  pre¬ 
vent  the  event  storms  that  result  when  mul¬ 
tiple  systems  start  alerting  on  the  same 
problems. “The  next  big  thing  is  event  cor¬ 
relation’’ he  says. 

Christopher  Soto  started  to  address  APM 
on  his  company’s  Oracle  applications. The 
Oracle  e-business  database  administrator 
at  Murad,  a  skincare  product  maker  in  El 
Segundo,  Calif.,  uses  Foglight  from  Quest 
Software  to  monitor  the  Web  servers  and 
databases  supporting  Oracle  applications 
and  an  e-commerce  Web  site. 

In  the  past,  Soto  says  he  would  have  to 
check  event  logs  on  Web  servers,  applica¬ 
tion  servers  and  databases  to  try  to  pin¬ 
point  the  source  of  Oracle  performance 
problems.  Foglight  helps  use  one  console 
to  spot  potential  problems. 

“There  are  so  many  different  pieces  that  it 
is  nearly  impossible  to  proactively  monitor 
every'  single  piece  all  the  time,”  Soto  says. 
“[APM]  software  can  help  you  figure  out 
what  piece  to  look  at  first.”  ■ 


SchlumbergerSema 

continued  from  page  25 

Associates  and  other  vendors  on  them, 
SchlumbergerSema  is  taking  many  steps  to 
be  able  to  respond  to  worms  and  network 
attacks, should  they  strike. 

The  main  way  to  stop  these  potential 
attacks  is  through  CAs  eTrust  Command 
Center,  which  can  keep  an  audit  trail  of  net¬ 
work  activity  and  collect  input  from  the 
firewalls,  IDS,  anti-virus  software  and  other 
security  protections  to  prioritize  security- 
related  events. 

“The  most  complicated  part  is  the  use  of 
the  centralized  event  tracking  and  the  co¬ 
relation  tool,  which  helps  make  decisions,” 
Chevallier  says.  Use  of  the  eTrust  Command 
Center  is  expected  to  give  the  IT  depart¬ 
ment  at  the  Olympics  data  center  a  way  to 
correlate  information  collected  from 
routers,  servers  and  IDSs  to  identify  a  possi¬ 
ble  network  attack,  virus  or  compromise. 

“We’re  positioning  thousands  of  probes 


in  the  network  to  send  information  to 
eTrust,”  Chevallier  says. 

Testing  of  the  Olympics  intranet  equip¬ 
ment  recently  started  at  Schlumberger- 
Sema’s  Technical  Operations  Center  in 
Athens. 

At  the  last  Olympics  in  Salt  Lake  City 
where  SchlumbergerSema  was  the  top  sys¬ 
tems  integrator,  a  barrage  of  network 
attacks  came  from  the  Internet,  Chevallier 
says.  “In  Athens,  thank  God,  we  have  man¬ 
aged  to  convince  everyone  to  isolate  the 
games  network  from  the  Internet,”  he  says. 
“It’s  a  closed  network.” 

Phillippe  Verveer,  technology  director  for 
the  International  Olympic  Committee, 
which  selects  the  IT  vendors  for  the  games, 
says  that  the  Olympics  has  managed  to 
ward  off  network  attacks  over  the  years  that 
the  public  hasn’t  always  heard  about  at  the 
time.“In  Albertville  in  ’92  we  had  someone 
trying  to  take  down  the  network,  but 
because  we  had  back-up  there  was  no 
impact.”* 


Olympian  effort 


The  network  for  next  summer's 
Olympics  in  Athens  comprises: 

10,500  PCs. 

900  servers. 

1,800  Cisco  switches  and  routers. 

24  Check  Point  firewalls. 

Barcode  reader  support  for 
200,000  athletes  and  others. 
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of  Advanced  Micro  Devices.  Inc. 


The  AMD  Opteron" processor,  superior  32-bit  performance  with  expanded  64-bit  capability. 

It’s  the  only  server  processor  designed  to  run  your  32-  and  64-bit  applications  simultaneously  and  without  compromise. 
AMD  Opteron  runs  on  AMD64,  a  breakthrough  architecture  that  enables  64-bit  technology  on  the  x86  platform-creating 
a  new  class  of  computing. 

The  world’s  highest  performing  2P  and  4P  industry  standard  servers 
are  now  powered  by  AMD  Opteron  processors.  Get  unparalleled  32-bit 
performance  and  the  ability  to  transition  seamlessly  to  64-bit  computing. 

Leverage  your  existing  investments  while  preparing  for  the  future.  It’s  one  architecture 
across  your  enterprise  that  offers  industry  leading  performance  for  your  32-bit  applications,  and  doesn’t 
require  a  forklift  upgrade  as  more  64-bit  applications  emerge.  It’s  just  another  way  AMD  designs  and  builds 
processors  with  you  in  mind.  For  a  closer  look  at  the  AMD  Opteron  processor,  visit  www.amd.com/opteron 
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AT&T  and 
AT&T  Wireless 


The  path  to  IP  can  be  strewn  with  obstacles.  Or  not. 


Protect  your  investment  with  Sprint. 
Smoother  migration,  fewer  headaches  with 
one  company. 

•  SprintlinkSM  IP  services  utilize  a  common  IP  platform  for  easy  migration 
from  existing  legacy  technologies  to  IP  AT&T  doesn't,  which  can  introduce 
integration  concerns. 

•  Sprint  has  a  broader  portfolio  of  IP  VPN  services,  so  we  can  tailor 
migration  solutions  that  extend  the  life  of  your  existing  network  assets 
and  save  money. 

•With  our  integrated  wireless  and  wireline  services,  managed  as 
one  seamless  network,  you  can  run  IP  applications  to  more  people 
in  more  places. 

Get  the  facts  at  sprint.com/facts  or  call  866-700-0029 

for  a  Business  Representative. 


One  Sprint.  Many  Solutions^ 

Voice/Data  PCS  Wireless  Internet  Services  E-Business  Solutions  Managed  Services 


Coverage  claims  based  on  the  Sprint  Nationwide  PCS  Network  (reaching  240  million  people),  the  AT&T  Wireless  National  Next  Generation  (GPRS)  network  and  coverage  included  with 
available  service  plans  excluding  roaming  areas.  Copyright  ©Sprint  2003  All  rights  reserved  Sprint  and  the  diamond  logo  are  trademarks  of  Sprint  Communications  Company  IP 
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■  EXTRANETS  ■  INTEREXCHANGES  AND  LOCAL  CARRIERS 
REGULATORY  AFFAIRS  ■  CARRIER  INFRASTRUCTURE  DEVELOPMENTS 


■  AT&T  inked  a  multi-million  dollar 
deal  with  athletic  footwear  retailer 
The  Finish  Line  last  week.  The 
three-year  contract  includes  local 
and  long-distance  voice,  frame  relay 
and  Internet  access  services  across 
the  country.  AT&T  is  connecting  The 
Finish  Line's  headquarters  in  India¬ 
napolis  with  500  retail  stores  across 
the  country.  The  Finish  Line  was 
using  voice  services  from  MCI  and 
other  regional  carriers,  but  now  is 
consolidating  all  of  its  telecom  ser¬ 
vice  needs  into  one  contract  with 
AT&T. 

■  In  the  first  phase  of  a  two-phase 
rollout,  Verizon  will  turn  up  a 
“non-QoS”  voice-over-IP  ser¬ 
vice  for  consumer  DSL  customers 
in  the  second  quarter  of  2004,  the 
company  says.  The  second  phase 
will  be  a  managed  service  offering 
over  DSL  and  T-1  access  lines  for 
residences  and  businesses  in  the 
fourth  quarter  of  2004.  Analysts  say 
Verizon's  VoIP  services  are  intended 
to  defend  its  turf  against  cable  com¬ 
panies  offering  voice  and  are  an 
alternative  effort  to  retain  cus¬ 
tomers  vs.  primary  access  lines. 
Some  regional  Bell  operating  com¬ 
panies,  such  as  SBC,  fear  that  VoIP 
would  present  a  threat  to  their  abili¬ 
ty  to  retain  access  line  revenue  by 
offering  consumers  yet  another 
technology  alternative  to  the  tradi¬ 
tional  plain  old  telephone  service  line 
into  their  homes. 

■  Verizon  plans  to  purchase  an 
additional  220  Multi-protocol  Label 
Switching-enabled  routers  as  part  of 
a  nationwide  network  buildout  to 
crack  the  large  enterprise  market. 
Verizon  already  deploys  80  such 
routers  in  its  network,  which  provi¬ 
sions  IP  VPN  services  to  large  com¬ 
panies  under  the  carrier’s  Enter¬ 
prise  Advance  initiative.  Cisco, 
Juniper  and  Redback  Networks  sup¬ 
ply  routers  to  Verizon.  The  RBOC 
has  landed  900  contracts  with  more 
than  550  of  its  largest  customers 
since  unveiling  Enterprise  Advance 
a  year  ago,  the  company  says. 


AT&T’s  Eslambolchi  talks  IP 


in 


MM 


Hossein  Eslambolchi  is  in  the  unusu¬ 
al  position  of  holding  three  execu¬ 
tive  roles  at  one  of  the  largest  U.S. 
companies.  A  1 7-year  AT&T  veteran, 
he  is  president  of  AT&T  Labs,  CTO 
and  CIO.  Eslambolchi  says  the 
hands-on  experience  gives  him  the 
diversity  of  knowledge  needed  to 
look  ahead  to  next-generation 
technology  and  the  operational  know-how  to  reduce 
costs.  He  recently  spoke  with  Network  World  Senior 
Editor  Denise  Pappalardo. 

MCI  has  maintained  for  years  that  it  has  the  largest  IP  backbone. 
But  AT&T  makes  the  same  claims.  Can  you  explain? 

We  have  the  largest  IP  network  in  the  world.  AT&T  trans¬ 
ports  about  1,200  terabytes  of  data  per  day  on  our  IP  net- 
work.That’s  1.2  petabytes  per  day  We  have  more  than  5,000 
points  of  presence.  Each  day  we  transport  10  times  as  much 
data  as  voice  traffic.  We  transport  about  4.4  petabytes  a  day 
of  high-speed  data  including  IPATM,  frame  relay  and  private 
line.  Compared  to  voice,  where  we  transport  450  terabytes  of 
traffic  per  day 

MCI  keeps  saying  it’s  connected  to  more  autonomous  sys¬ 
tems  or  other  IP  backbones.They  also  talk  about  the  number 
of  endpoints  connected  to  the  network,  but  those  measure¬ 
ments  are  not  sufficient.  How  much  traffic  you  generate  is  a 
more  important  point. 

Why  should  it  be  important  to  a  business  user  if  AT&T,  MCI  or  some¬ 
one  else  has  the  largest  IP  network? 

Because  the  largest  IP  provider  can  directly  reach  more 
points  on  the  Internet,  therefore  bringing  business  users  clos¬ 
er  to  content  and  also  bringing  the  larger  Internet 
closer  to  their  content.  We  have  4  million  business  cus¬ 
tomers.  We’re  partnering  with  six  of  the  largest  cable  compa¬ 
nies  to  support  their  IP  traffic. 

Isn’t  quality  and  reliability  a  bigger  factor  for  customers? 

About  three  years  ago  reliability  of  the  network  was 
nowhere  near  the  reliability  of  the  public  switched  tele¬ 
phone  network.  We  were  at  about  99%  reliability,  which  is 
extremely  poor.  Over  the  last  two  to  two-and-a-half  years, 
we’ve  worked  very  closely  with  our  vendors.  We’ve  taken 
them  to  AT&T’s  school  of  reliability  When  they  graduate 
they’re  at  99.99%  reliability,  which  is  like  a  college  degree. 

What  does  99.99%  reliability  mean  to  a  user? 

In  determining  the  reliability  of  a  network  you  look  at  the 
number  of  defects  per  million.  For  example,  if  a  port  is  avail¬ 
able  for  1  million  hours  and  it  experiences  100  defects  in 
that  time,  we  say  it  has  100  DPMs.That’s  equivalent  to  50  min¬ 
utes  of  downtime  for  every  1  million  hours. 

When  will  the  IP  network  have  the  same  reliability,  99.999%,  as 
AT&Ts  other  data  services? 


It  may  take  another  12  to  24  months  to  reach  that  level.  Five 
nines  of  reliability  is  what  we’re  shooting  for.  A  network  with 
99.999%  reliability  means  it  experiences  10  DPM,  which  is 
equivalent  to  a  maximum  of  5  minutes  of  downtime  every 
year.  At  five  nines  the  network  is  ready  for  mission-critical 
applications. 

AT&T  is  consolidating  its  networks  to  one  IP  backbone.  What  are 
some  of  the  key  steps? 

The  plan  is  to  deploy  multiservice  switches,  which  will  sup¬ 
port  Layer  2  and  Layer  3  services,  in  the  network  in  the  first 
quarter.  We’ll  deploy  80  switches  over  a  period  of  time. 

. .  .There  is  a  lot  of  complexity  at  the  edge  of  the  network, 
and  this  is  where  the  battleground  is.  We’ve  been  building 
the  systems  to  support  this  multiservice  edge.  We’ve  also 
been  working  on  creating  an  aggregator  box  called  a  multi¬ 
service  aggregator  [MSA]. This  device  will  take  all  traffic  in 
from  the  edge  and  deliver  it  as  IP  over  Ethernet. 

Where  would  these  aggregators  be  deployed? 

We  have  6,400  buildings  directly  connected  to  our  local 
fiber  network.These  aggregators  could  be  deployed  at  all  of 
these  sites.The  IP  to  Ethernet  MSA  will  hit  the  multi¬ 
service  edge  switch,  which  will  then  connect  directly  to  our 
MPLS  network  or  our  intelligent  optical  network. 

How  is  AT&T  aggregating  traffic  today? 

We  use  multi-service  platforms  from  Lucent  and  Cisco.  Both 
take  traffic  from  the  edge.The  only  difference  is  that  each 
use  TDM  over  SONET.  That’s  still  a  little  inefficient,  but  that 
was  the  best  technology  available  at  the  time. 

So  what's  the  benefit  of  IP  over  Ethernet? 

I  want  to  move  IP  farther  into  the  network  to  get  better  sta¬ 
tistical  multiplexing.  It  will  require  few  service-specific 
devices,  which  will  reduce  the  management  complexity  of 
the  network  and  also  reduce  capital  expenses. 

This  platform  lets  AT&T  ditch  frame  relay  and  ATM-specific  gear? 

Yes.The  point  I’m  trying  to  make  is  that  a  T-1  is  a  T-1  is  a 
T-1  .The  only  thing  that  differentiates  a  T-1  is  the  protocol  that 
runs  over  it.  We  want  to  move  the  industry  away  from  con¬ 
trolling  these  services  with  different  boxes  to  controlling 
them  with  software.This  will  allow  you  to  change  a  frame 
relay  T-1  to  IP  by  using  a  different  software  module. 

Are  there  MSA  products  out  now  that  meet  AT&T s  needs? 

We’re  in  the  request-for-information  and  request-for-propos- 
al  process.  We’re  narrowing  down  the  number  of  vendors  to 
about  five.  And  then  we’ll  narrow  it  down  to  two  vendors  and 
start  testing  in  the  first  quarter.  Everything  becomes  packet 
end-t&end,  eventually  eliminating  TDM. 

If  TDM  isn't  used  to  transport  traffic,  what  will  be  used? 

Next-generation  fiber  optics  is  moving  toward  a  photonic 
infrastructure,  which  will  eliminate  the  need  for  electronic 
cross-connects.  Instead,  it  uses  mirrors  to  direct  traffic. 

See  Eslambolchi.  page  31 
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Service  Providers 


EYE  ON  THE 
CARRIERS 

Johna  Till 
Johnson 


There’s  some¬ 
thing  to  be  said 
for  worrying 
about  the  cloud 


I  was  recently  asked  to  moderate  a 
panel  discussion  at  the  Executive 
Council  of  New  York  on  the  topic  of 
Security  and  Business  Continuity  One  of 
the  keynote  speakers  was  William  Pelgrin, 
director  of  the  New  York  State  Office  of 
Cyber  Security  &  Critical  Infrastructure 
Coordination.  Created  in  response  to  the 
Sept.  1 1  attacks,  CSCIC  coordinates  private 
and  public  cybersecurity  initiatives  in 
New  York,  and  is  actively  sharing  best 
practices  with  the  other  49  states. 

It’s  a  great  initiative  (and  I’m  not  just  say¬ 
ing  that  because  I’m  a  New  Yorker).  The 
goal  of  better  securing  network  infrastruc¬ 
ture  and  services  is  laudable  by  itself.  But 
it’s  how  CSCIC  is  going  about  the  process 
that’s  unusual:  actively  recruiting  partici¬ 
pation  by  private  companies,  including 
key  infrastructure  and  service  providers 
and  businesses  that  are  vulnerable  to 
cyberthreats  —  and  then  listening  to 
them.  (When  was  the  last  time  govern¬ 
ment  agencies  listened  to  you?) 

What  motivated  me  to  write  this  column 
was  a  comment  that  Pelgrin  made  about 
the  dangers  of  assuming  too  much  about 
network  infrastructure.  In  a  previous  role 
as  a  non-technologist  heading  up  the  New 
York  state  Office  for  Technology,  he  often 
asked  his  team  to  explain  infrastructure 
components.  Too  often,  they  would  draw 
the  network  as  a  series  of  clouds,  with  no 
detail.  When  he  asked  what  that  cloud 
consisted  of,  they’d  tell  him. “Oh,  that’s  the 
network.  We  don’t  need  to  worry  about  it. 
It’s  always  there.” 

Well,  in  the  attacks  of  Sept.  1 1,  New  York 
lost  2,250  telecom  circuits,  knocking  out 
service  to  companies  all  around  New 
York.  Pelgrin  concluded:  “We  need  to 
worry  about  the  cloud.” 

He’s  absolutely  right. 


But  worrying  is  only  helpful  if  it’s  con¬ 
structive.  What  can  IT  executives  do  to 
ensure  that  their  critical  network  infra¬ 
structure  is  protected  against  attacks? 
Some  recommendations: 

•  Get  engaged.  Companies  based  in 
New  York  can  contact  CSCIC  to  find  out 
more  about  best  practices  for  network 
security  and  to  learn  what  their  infrastruc¬ 
ture  providers  are  up  to.  As  noted,  other 
states  are  beginning  to  work  with  New 
York  to  share  best  practices,  so  non-New 
Yorkers  should  contact  the  technology 
departments  for  their  state  governments 
and  find  out  what  they’re  up  to. 

•  Invest.  A  recent  Nemertes  Research  sur¬ 
vey  uncovered  the  nerve-wracking  fact  that 
virtually  all  companies  are  substantially 
underinvesting  in  security  initiatives.  The 
average  investment  was  3%  of  the  overall  IT 
budget,  well  below  the  best  practices  of  5% 
minimum  or  the  10%  that  a  handful  of 
leading-edge  firms  are  investing. 

•  Share  your  pain.  Make  sure  all  your 
suppliers,  including  telcos,  understand 
that  sharing  their  security  strategies,  tac¬ 
tics  and  practices  is  a  requirement  for 
doing  business  with  you.  As  noted  in  pre¬ 
vious  columns,  it’s  best  to  bring  this  up 
when  they’re  likely  to  listen:  during  con¬ 
tract  negotiations  or  renegotiations.  When 
there’s  money  on  the  table,  it’s  surprising 
how  well  telcos  listen. 

•  Keep  me  posted.  Please  share  the 
challenges  and  successes  of  your  network 
security  initiatives  —  a  solid  body  of  best 
practices  is  the  best  way  to  avoid  making 
dangerous  mistakes. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 
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A  lot  of  companies  tried  this  in  the  past 
and  it  didn’t  work.  But  the  new  technol¬ 
ogy  coming  up  over  the  next  three  to  five 
years  will  allow  you  to  move  from  an 
electronic  to  a  photonic  infrastructure. 
We’ve  also  been  working  on  long-haul 
and  ultra-long-haul  technologies  that 
allow  us  to  manage  wavelengths 
between  two  cities  without  the  need  for 
regeneration. 

You've  talked  about  the  need  to  eliminate 
AT&T's  dependency  on  incumbent  local  ex¬ 
change  carriers.  What  are  the  biggest  prob¬ 
lems  there? 

Access  is  where  the  highest  level  of 
cost  is  for  us.  AT&T  spends  billions  of 


dollars  with  the  ILECs,  which  is  high- 
octane  profit  for  these  guys.  The  second 
problem  is  the  local  connection  is  still  a 
bandwidth  bottleneck.Third,  there  is  lit¬ 
tle  way  to  differentiate  your  network  at 
the  local  level. 

What  is  AT&T  doing  to  solve  those  problems? 

We’re  trying  to  expand  our  footprint 
using  local  infrastructure.To  bypass  access 
today  we  get  [unbundled  network  ele- 
ment-platfrom]  from  the  ILECs.  But  we’re 
looking  at  all  types  of  technologies  that 
will  allow  us  to  bypass  the  ILECs  all 
together.  We ’re  checking  out  power  line, 
802. 1 1 ,  fixed  wireless  and  free  space 
optics  technologies.  For  many  businesses 
fiber  is  the  only  answer,  but  we’re  check¬ 
ing  out  all  methods  to  drive  down  local 
access  costs.  ■ 
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Finally,  a  company  that  talks  big  and 
works  bigger.  A  company  that  talks  ROI 
and  actually  delivers.  A  company  that 
provides  real  business  value  you  can 
measure.  A  network  solutions  and 
services  provider  called  NextiraOne. 

At  NextiraOne,  we  bring  clarity  to  your 
complex  communications  networks. 
Planning,  designing,  implementing, 
supporting  and  managing.  For  voice, 
data  and  converged  infrastructures. 

In  the  United  States  or  around  the 
world.  You  name  it,  we  do  it  -  with 
world-class  results. 

www.NextiraOne.com  (888)  888-1055 
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AN  INSIDE  LOOK  AT  THE 
TECHNOLOGIES  AND  STANDARDS 
SHAPING  YOUR  NETWORK 


LWAPP  brings  harmony  to  WLANs 


HOW  IT  WORKS 


LWAPP 

Emerging  WLAN  architecture  shifts  functionality  from 
the  access  point  and  centralizes  intelligence  within 
the  access  controller,  or  WLAN  switch.  The  Lightweight 
Access  Point  Protocol  governs  how  WLAN  devices 
communicate  with  each  other. 
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Access  controller 


O  Access  point  sends  out  discovery  requests. 

©  Best  available  access  controller  verifies  access  point  and  provides  WLAN  configuration  information 
(SSIDs,  security  policies,  etc.). 

©  Access  controller  gets  user  authentication  credentials  via  back-end  database. 

O  LWAPP  handles  data  encapsulation,  fragmentation  and  transport  across  WLAN. 


■  BY  JEFF  AARON  AND  PAT  CALHOUN 

Centralized  security  and  management  of 
wireless  LANs  is  a  rapidly  growing  trend  in 
which  a  WLAN  device  such  as  a  switch, 
appliance,  or  router  is  used  to  create  and 
enforce  policies  across  many  streamlined, 
or  lightweight,  radio  access  points. 

As  is  the  case  with  any  network  technol¬ 
ogy  standardization  is  key  to  widespread 
adoption.  More  specifically,  a  standardized 
protocol  is  required  that  governs  how 
WLAN  system  devices  communicate  with 
lightweight  access  points  to  ensure  interop¬ 
erability  and  to  avoid  having  to  buy  from 
only  one  vendor. 

This  is  the  role  of  the  Lightweight  Access 
Point  Protocol  (LWAPP),  a  draft  standard 
the  Internet  Engineering  Task  Force  is  con¬ 
sidering  as  part  of  the  Control  and  Pro¬ 
visioning  of  Wireless  Access  Points  (CAP- 
WAP),  which  is  in  the  preliminary  stages  of 
becoming  an  IETF  working  group. 

Traditional  WLANs  function  on  a  stand¬ 
alone  basis.  As  such,  they  are  based  on  a 
device  known  as  a  fat  access  point,  which 
contains  all  wireless  processing  capabili¬ 
ties.  This  traditional  architecture  doesn’t 
let  different  vendors’  equipment  interop¬ 
erate.  The  new,  hierarchical  WLAN  archi¬ 
tecture  departs  from  this  model. 

LWAPP’s  goal  is  to  provide  consistent 
behavior  across  WLAN  devices,  ensure 
multi-vendor  WLAN  interoperability,  pro¬ 
tect  WLAN  hardware  investments  and 
create  a  foundation  for  delivering 
advanced  WLAN  functionality  in  enter¬ 
prise  environments.  LWAPP  helps  com¬ 
panies  simplify  WLAN  deployment  and 
management,  and  build  large-scale  wire¬ 
less  networks. 

An  LWAPP-managed  network  consists  of 


multiple  access  points  connected  via  Layer 
2  (Ethernet)  or  Layer  3  (IP)  to  an  access 
controller.  Access  controllers  typically  are 
WLAN  appliances  or  WLAN  switches.  With 
LWAPPaccess  points  are  essentially  remote 
radio  frequency  interfaces  that  no  longer 
house  all  the  mandatory  wireless  process¬ 
ing  capabilities  and  are  controlled  by  the 
access  controller. 

LWAPP  governs  how  access  points  and 
access  controllers  communicate  with  each 
other  by  defining  the  following  activities: 

•  Access  point  device  discovery  and 
authentication  — When  an  access  point  is 
plugged  into  a  wireless  network,  it  uses 
LWAPP  to  discover  available  access  con¬ 


trollers.  After  the  access  point  is  certified  as 
a  valid  network  device,  it  associates  with 
the  best  available  WLAN  switch/appliance. 

•  Access  point  information  exchange, 
configuration  and  software  control  —  The 
access  point  is  updated  with  the  most 
recent  software  load  and  configured  with 
appropriate  WLAN  system  information, 
such  as  Service  Set  Identifiers,  channel 
assignments  and  security  parameters. 

•  Communications  control  and  manage¬ 
ment  between  access  point  and  wireless 
system  devices  —  LWAPP  handles  packet 
encapsulation,  fragmentation  and  format¬ 
ting  of  data  being  transferred  between 
access  points  and  access  controllers. 


LWAPP  has  several  practical  benefits  for 
enterprise  environments.  By  reducing  the 
amount  of  processing  within  an  access 
point,  the  LWAPP  specification  lets  the 
limited  computing  resources  on  the 
access  point  focus  on  wireless  access, 
rather  than  filtering  and  policy  enforce- 
ment.The  protocol  centralizes  traffic  han¬ 
dling,  authentication,  encryption  and  pol¬ 
icy  enforcement  (quality  of  service  and 
security)  capabilities  within  the  access 
controller,  improving  the  effectiveness  of 
WLAN  management. 

LWAPP  also  improves  WLAN  security  be¬ 
cause  it  provides  a  generic  and  secure 
encapsulation  and  transport  mechanism 
for  multi-vendor  access-point  interoper¬ 
ability,  either  by  means  of  a  Layer  2  infra¬ 
structure  or  an  IP-routed  network. 

Finally  LWAPP  lets  network  administra¬ 
tors  use  an  array  of  interoperable  access 
points  and  wireless  system  devices  from 
multiple  vendors.  As  a  result,  they  can 
make  purchasing  decisions  based  on  the 
functionalities  of  individual  access  points 
and  access  controllers  rather  than  simply 
buying  gear  from  the  same  product  line  as 
a  matter  of  necessity. This  is  also  expected 
to  drive  down  access  point  pricing. 

LWAPP  is  expected  to  move  to  a  work¬ 
ing  group  within  the  IETF  in  the  first  half 
of  next  year.  Standardization  is  projected 
to  take  approximately  18  to  24  months, 
but  early  vendor  implementations  exist 
today. 

Aaron  is  senior  manager  of  product  mar¬ 
keting  at  Airespace.  Calhoun  is  CTO  of 
Airespace  and  one  of  the  co-authors  of  the 
LWAPP  protocol.  They  can  be  reached  at 
jaaron@airespace.com  and  pcalhoun@ 
airespace.com,  respectively. 


Dr.H  By  Steve  Blass 

Our  Microsoft  Access  database  is  growing  rapidly 
and  getting  harder  to  share  effectively.  Our  IT 
team  said  we  can  use  table  space  in  a  central 
MySQL-DB  database.  Can  we  still  use  Access  at  the 
desktop  to  work  with  data  in  a  MySQL  database? 

To  use  Access  as  a  client  for  a  centralized  SOL 
database  you  can  establish  a  link  to  the  central 
database  by  configuring  an  Open  DataBase  Con¬ 
nectivity  (ODBC)  data  source  to  handle  the  con- 


nections.The  driver  required  for  Microsoft  SQL 
databases  is  usually  available  without  installing 
additional  software  on  your  PC.  To  connect  to  a 
MySOL  database  install  the  Connector/ODBC 
software  from  www.mysql.com.  After  you  down¬ 
load  and  install  the  Connector/ODBC  driver,  con¬ 
figure  an  ODBC  data  source  for  the  MySOL  data¬ 
base  through  the  data  source  selection  in  your 
PC’s  control  panel.  Once  the  ODBC  data  source  is 
set  up,  open  Access  and  choose  Open  from  the 


File  menu.  Choose  "ODBC  databases”  from  the 
"Files  of  type:"  options  and  pick  out  the  MyODBC 
data  source  you  configured  from  the  "Machine 
Data  Source”  tab  in  the  selection  dialog.  Follow 
the  instructions  in  the  manual  from  mysql.com  to 
export  your  Access  database  into  MySOL. 

Blass  is  a  network  architect  at  Change@Work  in 
Houston.  He  can  be  reached  at  dr.  inter net@ 
changeatwork.  com. 
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Whatever  your  world 


Dell  has  a  customized  IT  solution  for  your  business,  no  matter  what  business  you're  in,  or  what  size 

it  is.  From  PowerEdge™  servers  featuring  Intel®  Xeon“  processors  to  network  support  products  like  PowerVaulf 
storage  and  PowerConnecf  switches,  Dell  offers  flexible,  high-performance  industry-standard  technologies  and 
software  solutions  that  are  just  right  for  your  particular  business  needs.  And  we'll  help  you  every  step  along  the 
way.  Whether  it's  planning  and  design,  testing  and  validation,  systems  management,  or  our  award-winning  24x7 
service  and  support,  Dell  will  help  you  create  an  IT  infrastructure  that's  easy  to  choose,  deploy  and  manage. 
So  make  life  easy  on  yourself  and  get  a  big  advantage  over  your  competition — with  a  unique  IT  solution  from  Dell. 


PC  Magazine  Editors'  Choice  Award 

PowerEdge  1750 
—October  28,  2003 
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File&Print  Servers 


Reliable  servers  that  make 
managing  your  network  easy. 


/VEWPOWEREDGE™  400SC  SERVER 


Small  Business  Value  Server 

•  Intel*  Celeron*  Processor  at  2GHz 

•  Upgradable  to  Intel*  Pentium*  4  Processor  at  3.20GHz 
with  800MHz  Front  Side  Bus7’ 

•  128MB  333MHz  ECC  DDR  SDRAM  (Up  to  4GB) 

•  40GB  (7200  RPM)  IDE  Hard  Drive 

•  Upgradable  to  240GB  of  Internal  Hard  Drive  Storage 

•  Embedded  Intel*  PRO  Gigabit'4  NIC 

•  1-Yr  24x7  Dedicated  Server  Phone  Tech  Support 

•  1-Yr  Next  Business  Day  On-Site  Service1 

•  Small  Business  Pricing 


E-VALUE  Code:  20272-S21203g 


POWEREDGE'“650* *  RACK  SERVER 


1U  Value  Rack  Server 

•  Intel*  Pentium*  4  Processor  at  2.40GHz 

•  Upgradable  to  Intel*  Pentium®  4  Processor  at  3.06GHz 

•  256MB  266MHz  ECC  DDR  SDRAM 

•  Upgradable  to  4GB  of  SDRAM 

•  40GB  (7200  RPM)  IDE  Hard  Drive 

•  Upgradable  to  240GB  of  Internal  Hard  Drive  Storage 

•  ATA  100  IDE  RAID  Controller  Available 

•  Intel®  PRO  Gigabit50  NIC 

•  3-Yr  Next  Business  Day  On-Site  Service3 

•  Small  Business  Pricing 

1QQ  as  l°w as $33/mo„  (46  pmts.30) 

'P  |  |  E-VALUE  Code:  20272-S21211g 


Database&Web  Server  solutions  to  manage 

Hosting  Servers  diverse  networks 


POWEREDGE '  2600  TOWER  SERVER 


Multi-Use  Tower  Server 

•  Intel®  Xeon"  Processor  at  2.40GHz 

•  Dual  Intel®  Xeon"  Processor  Capable  (Up  to  3.20GHz) 

•  512MB  266MHz  ECC  DDR  SDRAM 

•  Upgradable  to  6GB  of  SDRAM 

•  36GB  (10K  RPM)  Ultra320  SCSI  Hot-Swap  Hard  Drive 

•  Active  ID  Bezel  for  Monitoring  System  Health 

•  3-Yr  Next  Business  Day  On-Site  Service1 

•  Small  Business  Pricing 

ffc  as  low  as  $49/mo„  (46  pmts10) 

*P  I  /  E-VALUE  Code:  20272-S21217g 


POWEREDGE  1750*  RACK  SERVER 


Feature-Rich  1U  Rack  Server 

•  Intel®  Xeon"  Processor  at  2.40GHz 

•  Dual  Intel®  Xeon"  Processor  Capable  (Up  to  3.20GHz) 

•  1GB  266MHz  ECC  DDR  SDRAM  (Up  to  8GB) 

•  18GB  (15K  RPM)  Ultra320  SCSI  Hot-Swap  Hard  Drive 

•  Integrated  Dual-Channel  Ultra320  SCSI  Controller 

•  Active  ID  Front  Bezel  for  Monitoring  System  Health 

•  3-Yr  Next  Business  Day  On-Site  Service3 

•  Small  Business  Pricing 

as  low  as  $55/mo„  (46  pmts.10) 

E-VALUE  Code:  20272-S21220g 


Services 


Purchase 


■m 


Dell  offers  a  wide  range  of  reliable,  award-winning  technology, 
all  delivered  from  a  single  point  of  contact — and  our  expert  sales 
associates  are  there  to  help  you  find  the  technology  that's  right 
for  your  business. 


Once  you’ve  selected  the  right  technology,  Dell  can  help  you  get  it  up  and 
running  quickly  and  cost-effectively  with  our  custom  on-site  installation 
and  configuration  services. 


Training&Certification— Starting  at  $100/person 


After  installation,  Dell  can  help  turn  your  employees  or  IT  staff  into 
experts  on  your  new  technology  through  a  variety  of  training  and 
certification  courses — helping  increase  your  business'  long-term 
productivity. 


Service&Support 


The  support  doesn't  end  at  the  sale.  Dell’s  award-winning  service  and 
support  offerings  help  ensure  that  your  new  network  remains  up  and 
running — with  Web,  phone  or  on-site  service3  and  support. 


4-Way  Servers 

Build  a  powerful,  protected  network. 

POWEREDGE™  6600*  TOWER  SERVER 


High-Speed  Mission  Critical  Tower  Server 

•  Intel*  Xeon"  Processor  at  1 .50GHz 

•  Quad  Intel®  Xeon"  Processor  Capable  (Up  to  2.80GHz) 

•  512MB  DDR  SDRAM 

•  Up  to  32GB  266MHz  DDR  ECC  SDRAM 

•  Up  to  1752GB  Maximum  Internal  HDD  Storage 

•  Embedded  Ultra  SCSI  Adaptec®  (160MB/s)  Controller 

•  Standard  Hot-Swap  Hard  Drives.  Hot-Swap  Redundant 
Fans  and  Hot-Swap  Redundant  Power  Supplies 

•  10  Hot-Plug  PCI-X  Slots 

starting  at 

C  ^  Q  ffc  as  low  as  $107/mo„  (46  pmts*) 

J  E-VALUE  Code:  20272-S21239g 


Storage  Options 

Cost  efficient  file  storage  to 
enhance  your  network. 

I 

Network  Switches 

Scalable,  high-performance  switches 
to  enhance  your  network. 

DELL™  POWERVAULT™  725N  NAS 

iJ 

POWERCONNECT™  3324*  SWITCH 

Optimized  File  Storage  Across  the  LAN 

•  Intel®  Celeron®  Processor  at  2GHz 

•  Microsoft*  Windows®  Powered  Network  Attached  Storage 

•  384MB  DDR  SDRAM  (Up  to  3GB) 

•  4x40GB  (160GB)  IDE  Hard  Drives 

•  Up  to  1 TB  of  Internal  Storage  Capacity 

^  'Tj  as  low  as  $  49/mo.,  (46  pmts*) 

V  |  /  J  E-VALUE  Code:  20272- S21217 


DELL/EMC 


High-Performance  Workgroup  Switch 

•  24  Fast  Ethernet  Ports  plus  2  Gigabit  Uplinks  (2  Copper 
and  2  SFP  Transceiver  Combo  Slots  for  Fiber) 

•  Stacking  Functionality  of  Up  to  192  Ports 

•  Advanced  Network  Management  and  Security  Features 

•  Industry  Standard  CLI  and  Easy-to-Use  Web  Interface 

•  3-Yr  Next  Business  Day  Advanced  Exchange 
Service53  Standard 


$499 


as  low  as  $14/mo.,  (46  pmts?1) 

E-VALUE  Code:  20272-S11204 


If  you  have  more  than  300GB  of  storage,  visit 

www.dell.com/storage4mybiz  for  low  prices  on 
Dell/EMC  storage  arrays. 


Solutions  that  fit. 


Easy  as 


D*LL 


Click  www.dell.com/bizsolutions 


Call  1-877-719-3355 

toll  free 


not  to  exceed  $25  OOO  If  your  order  exceeds  S25K.  a  Dell  Financial  Services  rep  will  contact  you  to  process  your  documentation.  Taxes,  fees  and  shipping  charges  are  extra  and  may  vary.  Not  valid  on  past  orders  or  financing  QuickLoan  arranged  by  CIT  Bank  to  Small  Business 
customers  with  approved  c'edn  "This  term  indicates  compliance  with  IEEE  standard  802  3ab  for  Gigabit  Ethernet,  and  does  not  connote  actual  operating  speed  of  IGB/sec.  For  high-speed  transmission,  connection  to  a  Gigabit  Ethernet  server  and  network  infrastructure  is  required 
“Technician  replacement  part  oi  unit  (depending  on  service  conuacl)  will  be  dispatched,  if  necessary,  lollowing  phone-based  troubleshooting  in  advance  of  receipt  of  returned  defective  unit.  Service  may  be  provided  by  third-party  provider  Subject  to  parts  availability,  geographical 
restrictions  and  terms  ol  service  contract.  Service  timing  dependent  upon  time  of  day  call  placed  to  Dell  Defective  unit  must  be  returned.  Replacements  may  be  refurbished  U.S.  only  Dell,  the  stylized  E  logo.  E  Value.  PowerEdye.  PowerConnect  and  PowerVault  are  trademarks  of 
Dell  Inc  Intel.  Intel  Inside,  the  Intel  Inside  logo.  Intel  Xeon.  the  Intel  Xeon  logo ,  Pentium  and  Celeron'&e  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries  ©2003  Dell  Inc  All  rights  reserved 
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GEARHEAD 
INSIDE  THE 
NETWORK 
MACHINE 

Mark 

Gibbs 


This  week  we  will  wrap  up  some  of  the 
technical  delights  of  how  VMware 
works  and  conclude  with  a  higher- 
level  look  at  where  this  product  fits  into  IT 
operations. 

On  the  technical  side,  one  thing  we 
haven’t  covered  is  what  it  takes  to  run  VM¬ 
ware.  Because  all  the  virtual  machines  are 
sharing  the  same  processor  there’s  no  such 
thing  as  too  many  cycles.  VMware  recom¬ 
mends  you  have  at  least  a  500-MHz  proces¬ 
sor.  We  found  that  a  2.4-GHz  Pfentium  4  pro¬ 
vided  excellent  performance. 

There  are  a  few  processors  not  supported 
by  VMware,  including  the  Transmeta 
Crusoe  ( see  www.nwfusion.com,  Doc- 
Finder:  6730),  because  they  don’t  imple¬ 
ment  “certain  processor  instructions.” 

If  you’re  going  to  run  a  bunch  of  guest 
operating  systems  you  will  need  lots  of 
memory  If  your  host  operating  system  is 
Linux  you  will  need  at  the  very  least  64M 
bytes  (in  reality  192M  bytes  is  more  practi¬ 
cal)  plus  whatever  the  minimum  require¬ 


Beware . . .  there's  more  VMware! 


ments  are  for  each  guest  operating  system 
running  simultaneously  We  ran  VMware 
with  2G  bytes  of  RAM  and  we  were  com¬ 
fortable.  The  maximum  memory  that 
VMware  can  allocate  to  an  individual  vir¬ 
tual  machine  is  1G  byte. 

Obviously  you  will  need  a  graphics  adap¬ 
ter,  and  VMware  recommends  a  16-bit  dis¬ 
play  adapter.  But  you  can  squeeze  by  with 
anything  greater  than  an  eight-bit  adapter. 
An  additional  requirement  for  Linux  hosts 
is  an  X  server  such  as  XFree86  that  meets 
the  XI 1R6  specification. 

Basic  installation  requires  disk  space,  and 
you  will  need  100M  bytes  for  Windows 
hosts  but  only  20M  bytes  for  Linux  hosts. 
You  also  will  need  at  least  1G  byte  of  disk 
space  for  each  guest  operating  system  (the 
actual  disk  space  needed  will  be  roughly 
the  same  as  the  normal  requirements  for 
installing  and  running  each  guest  operat¬ 
ing  system  and  its  applications).  For 
VMware’s  list  of  VMware  Workstation  re¬ 
quirements  see  DocFinder:  8731. 

VMware  also  offers  enterprise  and  data 
center-oriented  products  with  GSX 
Server  and  ESX  Server,  which  support 
partitioning  and  isolation  of  server  re¬ 
sources  with  remote  management  and 
automatic  provisioning. 

Designed  for  large  systems,  VMware  GSX 


Server  runs  on  Windows  2003  Server,  Web, 
Standard  and  Enterprise  Editions;Windows 
2000  Server,  Advanced  Server  and 
Datacenter  Server;  and  Windows  NT  Server 
4.0.  It  supports  up  to  64G  bytes  of  host 
memory,  32  host  processors  and  64  pow¬ 
ered-on  virtual  machines,  along  with  up  to 
14  virtual  SCSI  devices  and  shared  cluster 
virtual  disks  up  to  128G  bytes  in  size. 

Similarly  scaled,  the  VMware  ESX  Server 
does  not  use  a  host  operating  system  —  it 
runs  directly  on  the  hardware  and  can  be 
extended  by  VMware  Virtual  SMR  an  add¬ 
on  module  to  VMware  ESX  Server  that  lets 
a  single  virtual  machine  span  multiple 
physical  processors  creating  a  symmetric 
multiprocessing  environment. 

VMware  P2V  Assistant  is  a  migration  tool 
that  captures  an  existing  operating  system 
installation  and  moves  it  into  a  VMware  vir¬ 
tual  machine.  This  lets  you  migrate  a  work¬ 
ing  system  onto  any  system  running  VM¬ 
ware  —  all  VMware  virtual  hardware  looks 
the  same  to  a  virtual  machine. 

And  if  you’re  running  a  data  center  with 
ESX  Servers  you  can  use  VMware  Virtual- 
Center  to  pool  your  virtual  machines  into 
one  management  interface  —  a  dash¬ 
board  of  virtual  machines  showing  system 
availability  and  performance  and  pro¬ 
vides  automated  event  notifications  with 
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e-mail  alerting. VirtualCenter  also  has  inte¬ 
grated  access  control  with  Windows 
authentication. 

VirtualCenter  includes  VMotion,  which 
lets  you  migrate  running  virtual  machines 
from  one  physical  server  to  another  on  the 
same  storage-area  network  without  service 
interruption. 

VMotion  provides  “zero-downtime  main¬ 
tenance”  by  letting  you  move  servers  with¬ 
out  disrupting  user  sessions  while  you  ser¬ 
vice  the  supporting  hardware.  The  poten¬ 
tial  of  these  products  to  simplify  data  cen¬ 
ter  operations  is  fantastic. 

VMware  Workstation  is  a  must-have  for  IT 
and  development  folks.The  snapshot  fea¬ 
ture  makes  testing  on  a  known  platform 
simple,  and  it’s  nice  to  know  that  you  are 
safe  should  the  software  in  a  virtual 
machine  under  VMware  crash  or  go  hay¬ 
wire  and  try  to  reformat  every  disk  in  sight. 

VMware  Workstation  costs  $299  as  an 
electronic  distribution  and  $329  as  a  pack¬ 
aged  distribution,  while  VMware  GSX 
Server  costs  $3,025  for  two  processors  and 
$6,050  for  four  processors.  Pricing  for 
VMware  VirtualCenter  and  ESX  Server  is 
per  application. 

Outstanding  thoughts  to  gearhead@ 
gibbs.com. 


Cool 


Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


Finding  gold  at  Comdex 


Unlike  trade  shows  such  as 
the  Consumer  Electronics 
Show  or  the  CT1A  mobile 
phone  extravaganza,  Comdex  gen¬ 
erally  tends  to  be  low  on  the 
“cool  stuff”  radar  screen.  Still,  if 
you  look  long  enough  and 
dig  through  the  maze  of 
vendors,  you’ll  find  a 
few  gems.  Here  are 
some  we  found: 

APC’s  Mobile  Wireless 
router:  Imagine  you’re 
with  a  group  of  colleagues  and 
you  go  to  a  hotel  that  offers  high-speed 
broadband  Internet  in  the  room.  At  $10  or  more  per 
person,  the  Internet  access  can  add  up.  APC’s  Mobile 
Wireless  router  lets  road  warriors  take  one  connection  and 
turn  it  into  many,  through  the  use  of  a  device  that  acts  like 
a  wireless  LAN  (WLAN)  access  point  with  a  built-in 
Dynamic  Host  Configuration  Protocol  server.  The  router 
takes  the  static  IP  address  from  the  hotel’s  broadband 
access  and  then  distributes  other  IP  addresses  dynamical¬ 
ly  to  those  within  the  range  of  the  WLAN  router. The  device 
is  an  accessory  to  the  company’s  outstanding  TravelFbwer 
Case,  a  laptop  bag  that  helps  users  keep  all  their  mobile 
devices  charged  through  one  power  source. 


APC's  Mobile  Wireless  router  helps  you 
and  your  colleagues  cut  hotel-room 
broadband  costs. 


The  same  effect  of  creating  your  own 
WLAN  in  a  hotel  can  be  done  with  a  reg¬ 
ular  wireless  router,  but  the  APC  device 
is  so  small  that  it’s  extremely  easy  to 
carry  It  costs  $70.  Go  to  www.apc.com 
for  more  details.  The  company  also 
showed  us  a  $60  biometrics  fingerprint 
scanner  for  home  users  that  can  store 
multiple  passwords,  and  the  backpack 
version  of  the  Travel¬ 
Fbwer  Case. 

Anystream’s  Apreso  2003  for 
PowerPoint:  FbwerFbint  is  the  stan¬ 
dard  for  presentation  software,  but  it’s 
often  very  dull  to  watch  a  slide  show 
(even  painful  if  the  presenter  tries  to  add 
animation).  We’ve  seen  several  attempts 
at  adding  audio  and  video  to  presenta¬ 
tions,  but  the  effort  has  always  seemed 
too  difficult  to  do.  Until  now. 

Anystream’s  Apreso  2003  for  Fbwer¬ 
Fbint  (formerly  known  as  Agility  Pre¬ 
senter)  lets  users  give  their  presenta¬ 
tions  with  video  (via  any  PC  Webcam) 
and  audio  (through  a  microphone  or 
headset).  Users  watching  the  presenta¬ 
tion  can  pause, skip  slides  or  go  back,  and 
the  audio  and  video  immediately  pick  up 
where  the  user  goes. 


Content  creators  can  quickly  upload  the  finished  pre¬ 
sentation  to  a  server  or  hosted  online  site,  or  users  can 
e-mail  or  instantly  burn  the  presentation  to  a  CD. The  soft¬ 
ware  costs  $149  (or  $99  for  an  audio-only  version). 

This  can  be  a  great  tool  for  trainers  and  others  who  give 
lots  of  presentations  and  don’t  need  the  interactivity  that 
live  presentations  sometime  have.  For  those  who  have  to 
sit  through  presentations,  watching  video  and  listening  to 
audio  can  be  a  step  up  from  the  normal  grind  of  a  slide 
show.  Go  to  www.apreso.com  for  more  information. 

IBM’s  L190p  flat-panel  monitor.  IBM  expanded  its  line  of 
ThinkVision  monitors  with  the  L190p,  a  19-inch  flat  panel 

LCD  device.The  monitor 
costs  $779  and  is  avail¬ 
able  at  the  IBM  Web  site. 
The  monitor  supports  a 
1,280  by  1,024  resolution, 
a  500-to-l  contrast  ratio, 25- 
mi  llisec  response  time  and 
a  1 70<fegree  viewing  angle. 
It  has  a  swivel,  tilt  and  lift 
function  to  provide  the  best 
possible  viewing  angle  for 
users,  IBM  said. 

The  company  also  has  a  20- 
inch  model. 

Shaw  can  be  reached  at 
kshaw@nww.  com. 


IBM's  L190p  flat-panel  monitor 
swivels,  tilts  and  lifts  for  better 
viewing. 


Guglielmo  Marconi  did  RF  well. 

But,  in  Wireless  LAN  Systems,  no  one  does  RF  as  well  as  Airespace. 


Airespace  believes  it's  essential  for  a  Wireless  LAN  system  to 
dynamically  monitor  for  noise,  interference,  and  rogues  -  without 
extra  access  points  being  required.  The  missing  piece  for 
Wireless  LAN  performance  is  the  ability  to  change,  to  adapt 
dynamically  to  the  wireless  environment  -  and  to  do  it  without 
hiring  a  lot  of  RF  engineers  into  your  enterprise. 

With  an  Airespace  Wireless  LAN  System,  the  network  remains  in 
service  without  any  noticeable  performance  degradation,  even 
when  dynamic  power  control,  channel  assignment  and  load 
balancing  are  keeping  your  network  optimized.  So  there  are  no 
network  outages  when  you  are  placing  a  phone  call  across  an 
Airespace  network.  Ever. 


And  Airespace's  network  management  system  provides  a  total 
view  of  the  entire  RF-domain  allowing  you  to  generate  reports, 
view  and  monitor  real  events,  and  manage  your  entire  Wireless 
LAN  network.  We  can  also  detect  RF  attacks  on  your  network 
and  "blacklist"  questionable  users. 

With  Airespace,  the  RF  engineer  comes  in  the  system. 

Find  out  more  about  Airespace's  Wireless  LAN  Systems  RF  capa 
bilities  by  logging  on  to  our  web  site,  www.airespace.com/RF 
because  no  one  does  RF  like  Airespace. 


(airespace 

The  Standard  for™Wireless  LANs 


www.airespace.com 


I  AM  A  CISCO 

CATALYST  6500. 


I  AM  A  SNARLING 
PACK  OF 
DOBERMANS. 

I  AM  INTEGRATED  SECURITY.  I  HAVE  THE  POWER  TO  PROTECT 
YOUR  NETWORK  FROM  THE  INSIDE,  THE  OUTSIDE  AND  FROM 
EVERYWHERE  IN  BETWEEN.  I  ALWAYS  KNOW  WHO  IS  ON  THE 
GUEST  LIST  AND  HAVE  THE  POWER  TO  DENY  THOSE  WHO  AREN'T 
ON  IT.  I  SNIFF  OUT  THREATS  SO  YOU  CAN  STAY  PRODUCTIVE.  I  AM 
MORE  THAN  A  CISCO  CATALYST  6500. 


THIS  IS  THE  POWER  OF  THE  NETWORK.  IIOW. 


Cisco  Systems 


cisco.com/securitynow 
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EDITORIAL 

Bob  Brown 

Answering  the 
big  question: 
Howto? 

Journalists  learn  early  on  that  each  story  they  write 
needs  to  address  the  five  W’s  and  the  H:  Who,  what, 
where,  when,  why  and  how. 

We  won’t  ignore  the  five  W’s  in  this  issue  but  we  will  give 
the  H  some  extra  attention.  Our  HowTo  special  section, 
starting  on  page  42,  is  dedicated  to  helping  you  figure  out 
how  to  get  from  here  to  there. 

For  instance,  we  start  the  section  with  a  road  map  to  the 
new  data  center. Vendor  pro¬ 
nouncements  about  grid,  utili¬ 
ty  and  on-demand  computing 
are  alluring,  although  far  heav¬ 
ier  on  promises  than  actual 
products  at  this  point. 

In  other  words,  now  is  the 
time  to  put  your  strategy  in 

place  rather  than  necessarily  rushing  whatever  new  prod¬ 
ucts  are  available  into  your  network.There’s  plenty  to  think 
about.As  analyst  Jasmine  Noel  tells  us, “Utility  computing 
does  not  exist  in  a  vacuum,”  meaning  that  this  is  an  area 
that  requires  investigating  things  from  many  angles. 

Other  topics  covered  in  the  special  section  no  doubt 
have  your  attention  today.  Namely,  how  to  fight  spam  and 
patch  your  software.  While  most  large  companies  already 
have  practices  in  place  to  address  these  issues,  there’s 
plenty  of  room  for  improvement  and  lots  of  new  technol¬ 
ogy  developments  to  consider. 

Before  installing  a  new  spam-fighting  product,  for 
instance, one  security  administrator  says:“Users  were 
spending  more  time  identifying  spam  on  their  own  than 
doing  actual  work.” 

On  the  patching  front,  it’s  not  just  about  keeping  up  with 
Microsoft’s  security  oversights.  Unix,  Linux  and  other  oper¬ 
ating  systems  haven’t  escaped  unscathed  by  hackers  and 
virus  writers,  either.  We  spoke  with  a  handful  of  network 
executives  willing  to  share  their  experiences  and  advice. 

You  may  or  may  not  be  syncing  up  storage-area  network 
islands  or  moving  aggressively  into  wireless  LANs.  But  if 
you  are,  we’ve  got  some  pointers. 

We  also  spoke  with  Hank  Levine,  a  lawyer  who  has  been 
going  to  bat  for  big  telecom  users  for  years.  He  offers 
ideas  for  getting  the  upper  hand  in  negotiations  with  your 
carriers. 

Recognizing  that  you’ll  never  be  satisfied  with  the  net¬ 
work  vou  have,  even  though  you  might  not  have  big 
bucks  to  revamp  it,  we  also  tick  off  eight  ways  to  add 
oomph  to  your  infrastructure. 

We  h<  >pe  you  find  the  package  useful  —  and  that  we’ve 
actually  answered  more  questions  than  we’ve  raised. 

—  Bob  Brown 
Executive  news  editor 
bbrown@nww.  com 


www.nwfusion.com 


opinions 


Blame  game 

I  disagree  with  the  analogy  Dave  Kearns  uses  in  his 
column  “Looking  for  blame  in  all  the  wrong  places” 
(www.nwfusion.com,  DocFinder:  8722).  If  someone 
breaks  into  my  car,  that  person  is  the  bad  guy.  If  Ford 
tells  me  my  car  has  locks,  and  I  lock  the  car,  but  any¬ 
one  with  any  car  key  can  open  my  doors,  then  Ford 
is  at  fault. 

If  Ford  tells  me  that  the  fix  is  to  stand  on  one  foot, 
whistle  the  French  national  anthem  and  touch  my 
nose  with  my  tongue  while  locking  the  door,  then 
sorry  Ford  is  still  at  fault,  because  this  solution  is 
unreasonable  and  not  easily  accomplished. 

Tom  Matthews 
Senior  consultant 
Technology  Plus 
Aurora,  Colo 

Trained  not  to  complain 

Regarding  Mark  Gibbs’  Backspin  column  “Processes 
and  improbabilities”  (DocFinder:  8723):  Gibbs’  com¬ 
ment  about  automated  corporate  telephone  and  e- 
mail  systems  “training  us  not  to  complain”  is  on  the 
mark.  Because  of  today’s  business  climate,  compa¬ 
nies  often  have  to  automate  customer  service  func¬ 
tions  to  reduce  staffing  costs,  which  is  understand¬ 
able.  At  the  same  time,  many  organizations  tie  pay 
increases  and  bonuses  to  indicators  such  as  number 
of  complaints. Why,  there  is  a  match  made  in  heaven! 
Most  people  will  not  complain  if  they  feel  their  com¬ 
ments  are  not  being  heard  —  so  disengaged  cus¬ 
tomers  actually  can  skew  quality  indicators  to  make 
companies  look  better  at  customer  service  than 
they  really  are. 

The  other  thing  is  that  many  companies  are  out¬ 
sourcing  their  customer  feedback  systems,  so  there 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World,  1 18  Turnpike  Road,  Southborough,  MA  01 772. 
Please  include  phone  number  and  address  for  verification. 


is  no  telling  how  many  filters  a  comment  goes 
through  before  it  gets  to  someone  who  can  actually 
change  a  problematic  business  process  or  policy 

Tom  Lee 
Georgetown,  S.C. 


Protecting  U.S.  jobs 

Regarding  your  “Face-off”  on  whether  the  U.S.  gov¬ 
ernment  should  do  more  to  protect  IT  jobs  (Doc¬ 
Finder:  8724):  During  the  early  1980s,  approximately 
90%  of  my  company’s  business  resulted  from  off¬ 
shore  contracts.  Following  Matthew  Biggs’  logic,  the 
countries  I  did  business  in  should  have  banned  us. 

Also,  our  country  can  produce  highly  skilled  tech¬ 
nical  workers.  However,  we  cannot  make  people  go 
into  professions  they  don't  care  for. 

Globalization  has  produced  far  more  jobs  than  it 
has  eliminated.  However,  we  must  be  adaptable 
because  the  mix  of  jobs  is  constantly  changing. 
Remember,  there  is  not  much  demand  for  buggy 
whip  makers  today 

Andrew  Olson 
Managing  director 
TEAM  International  Group 
Gainesville,  Fla. 

In  hard  times,  it  is  easy  to  see  why  a  company  would 
want  to  discard  high-paid  positions.The  value  of  the 
technology  and  the  technological  professional  that 
maintains  it,  is  questionable.  As  Scott  Turner  points 
out,  on-site  maintenance  personnel  are  the  only 
essential  positions. 

I  have  experienced  offshore  technical  support  and 
find  it  useless.  I  have  been  transferred  to  support  per¬ 
sonnel  in  other  countries  and  have  hung  up  on  so- 
called  engineers  who  can’t  speak  my  language 
clearly  enough  to  comprehend  or  express  the 
already-technical  IT  jargon. 

„  Seth  Buffington 
Irving, Texas 


More  online!  www.nwfusion.com  Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder:  8721 
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STAYING  CONNECTED 

Edward  Horrell 

Tis  the  season  to  be  paid  off 

■  recently  got  a  call  from  a  colleague  who  sells  to  the  technology 

1  sector.  He  asked  how  to  respond  to  a  customer’s  request  asking 

9  each  of  its  vendors  to  make  a  substantial  donation  to  the  cus¬ 
tomer’s  IT  department  Christmas  party.  My  friend’s  firm  wouldn’t 
pony  up  the  bucks  and  he  was  concerned  that  this  might  adversely 
affect  its  relationship  with  the  customer. 

As  an  adviser  to  providers  and  buyers  of  high-tech  products  and 
services,  1  frequently  hear  stories  like  this  regarding  customers  and 
prospects  putting  the  squeeze  on  vendors  to  come  up  with  cash, tick¬ 
ets,  donations  . . .  you  name  it.  This  obviously  puts  the  vendor  in  a 
tough  situation  and  creates  an  uneven  playing  field  for  companies 
that  are  attempting  to  keep  margins  acceptable  while  keeping  prices 
competitive. 

picking  up  the  lunch  tab  for  the  customer  and  his  friend.  Dessert, 
anyone? 

•  A  vendor  reserved  a  box  at  a  baseball  game  for  a  customer  event 
and  asked  that  customers  RSVR  as  tickets  would  be  available  on  a 
first-come,  first-serve  basis.  A  major  customer  that  had  ignored  the 
respond-by  date  called  to  request  seats  in  the  box. Told  that  the  box 
was  full  but  regular  tickets  were  available,  the  customer  declined  to 
attend  the  event.  Foul  ball! 

•  A  customer  called  to  take  a  vendor  up  on  an  invitation  for  golf 
and  drinks  at  the  vendor’s  private  club.The  vendor  was  delighted  and 
asked  when  he  could  set  up  the  round. The  customer  replied  that  he 
would  take  care  of  that,  and,  by  the  way,  the  vendor  wasn’t  invited  to 
play,  just  pay  for  the  round  and  drinks.  Fore! 

It's  not  right  to 
pound  vendors  to 
slash  prices  and 
then  expect  them 
to  come  across 
evei7  time  you 
think  you  need  to 
be  entertained. 

Let  me  make  it  clear  that  I  have  no  objection  to  unsolicited, 
thoughtful  holiday  gifts  to  customers.That  is  a  part  of  doing  business. 
But  I  have  a  problem  with  customers  soliciting  such  gifts  from  their 
vendors. 

Here  are  a  few  of  my  favorite  examples: 

•  The  local  office  of  a  national  company  planned  a  meeting  for 
important  prospects  that  included  the  vendor  ordering  lunch  for  the 
meeting. The  meeting  was  canceled  that  morning,  but  the  company 
asked  that  the  lunch  be  sent  over  anyway.  Bon  appetit! 

•  A  sales  rep  lunching  at  a  restaurant  spotted  an  employee  from 
one  of  his  company’s  major  customers.  The  customer  was  having 
lunch  with  someone  whom  the  sales  rep  didn’t  know,  but  he  stopped 
by  the  table  and  said  a  polite  “hello”  nonetheless.  Later  that  day  the 
sales  rep  received  an  e-mail  from  the  customer  criticizing  him  for  not 


C’mon  customers,  lighten  up!  It’s  not  right  to  pound  vendors  to 
slash  prices  and  then  expect  them  to  come  across  every  time  you 
think  you  need  to  be  entertained. 

A  better  way  would  be  to  simply  let  your  current  and  prospective 
vendors  know  what  is  expected  of  them.  If  you  expect  donations  to 
the  Christmas  party  let  them  know  upfront. Tickets  to  the  ball  game, 
ditto.  Give  them  an  opportunity  to  build  it  into  their  rates.  Even  better 
would  be  a  policy  that  says,  “Thanks,  but  we  don’t  allow  corporate 
gifts  from  vendors.” 

Happy  holidays. 

Horrell  is  an  independent  telecommunications  consultant,  speaker 
and  author  in  Memphis,  Tenn.  He  can  be  reached  at  www. 
edhorrell.com. 


CACHE  ADVANCE 

Linda  Musthaler 


Deception  is  harder  in  a  digital  world 


ne  quick  scan  of  the  business  press  will 
tell  you  that  on-the-job  ethics  seem  to 
be  at  an  all-time  low.  In  case  after  case, 
big  executives  are  caught  in  their  webs  of  cor¬ 
porate  deception.  But  the  irony  is  that  it  is 
becoming  incredibly  difficult  to  lie,  cheat  and 
steal  in  a  digital  world. 

Computers  seem  to  capture  our  every  move  on  the  job  these  days, 
recording  subtle  transactions  or  activities  that  can  come  back  later  to 
haunt  you.  In  most  cases,  an  employer  has  the  right  to  know  how  you 
make  use  of  company-owned  resources,  including  your  time  while  at 
work.This  monitoring  isn’t  necessarily  a  bad  thing,  as  long  as  it  doesn’t 
get  abusive  or  interfere  with  an  individual’s  right  to  privacy 

Take  e-mail,  for  example.  Most  employees  understand  that  their  busi¬ 
ness  e-mail  accounts  are  a  corporate  resource, provided  by  the  employ¬ 
er  as  a  tool  to  get  one’s  work  done. That  doesn’t  stop  people  from  using 
company  e-mail  to  exchange  all  sorts  of  information  that  has  nothing 
to  do  with  a  company’s  business.  Many  employers  will  tolerate  a  small 
amount  of  innocent  misuse,  letting  people  conduct  social  transactions 
such  as  sending  a  quick  personal  note  to  a  friend,  photos  of  the  new 
baby  to  family  members,  and  so  on. 

Increasingly, however, companies  are  monitoring  e-mail  using  content 
filters,  and  I’m  not  talking  about  weeding  out  spam.  Suspicious  mes¬ 
sages  passing  through  a  content  filter  can  be  trapped  and  acted  on 
appropriately  very  often  without  the  employee’s  knowledge.Sometimes 
the  consequences  aren’t  pleasant. 

1  know  of  one  instance  where  an  employee  lost  her  job  through  her 
own  lack  of  integrity  (and  common  sense).  She  arranged  an  interview 
with  a  competitor  using  her  then-current  employer’s  e-mail  system.  A  fil¬ 
ter  trapped  the  note  and  forwarded  it  to  human  resources  and  to  her 
manager,  who  noted  that  she  called  in  sick  on  the  day  of  the  planned 
interview.  When  she  returned  to  work  the  next  day,  the  manager  asked 
her  whereabouts  on  the  previous  day.  When  the  employee  said  she  was 


at  home,  sick,  the  manager  produced  the  e-mail  proving  the  arrange¬ 
ments  for  the  interview.  Admitting  her  deception,  the  employee  was  dis¬ 
missed  for  misuse  of  company  e-mail  and  lying  about  her  use  of  com¬ 
pany-paid  time. 

Digitally  monitoring  employees  at  work  is  becoming  more  pervasive 
as  employers  grow  concerned  about  increasing  productivity  1  just  read 
about  a  law  firm  that  makes  its  office  workers  “punch  in”  by  placing  a 
thumb  on  a  biometric  reader  each  time  an  employee  enters  or  leaves 
the  office.  One  secretary  admitted  that  it  forced  her  to  be  more  mind¬ 
ful  of  the  length  of  her  lunch  breaks,  knowing  she  could  be  docked  for 
extra  time  spent  out  of  the  office.  While  employees  might  resent  the 
oversight,  companies  have  the  right  to  know  people  are  present  during 
the  time  they  are  being  paid  to  be  there. 

As  the  technical  professionals  responsible  for  deploying,  managing 
and  perhaps  even  monitoring  the  systems  that  keep  track  of  employ¬ 
ees,  I’m  not  sure  we  do  enough  to  make  people  aware  they  are  being 
watched.  Yes,  there’s  that  splash  screen  that  pops  up  when  someone 
logs  on  to  the  network  that  says  “this  system  is  for  company  use  only’ 
implying  acceptance  of  the  policy  when  continuing  on.  People  might 
read  it  the  first  time  they  get  onto  the  network,  but  mostly  it’s  an  annoy¬ 
ing  screen  that  slows  down  the  logon  process. 

I’d  like  to  see  more  companies  have  regular  employee  training  about 
the  implications  of  digital  monitoring. You  don’t  have  to  reveal  all  the 
techniques  you  use  to  monitor  people,  but  you  should  make  them 
aware  that  virtually  nothing  they  do  on  a  computer  is  private.  While 
browsing  eBay  during  lunch  isn’t  illegal,  it  still  isn’t  right,  if  the  employ¬ 
er  has  said  this  is  inappropriate  use  of  the  company  network.The  idea 
is  not  to  frighten  employees,  or  to  make  them  paranoid  about  Big 
Brother,  but  to  enlighten  them  about  company  policy  and  the  expecta¬ 
tions  for  responsible  use  of  the  computer  network. 

Musthaler  is  vice  president  of  Currid  cS  Company,  a  Houston  tech¬ 
nology  assessment  firm.  She  can  be  reached  at  linda@currid.com. 
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a  quarterbacks  opportunity  to  change  his 
strategy  after  seeing  the  defense  line  up  on 
the  field.  A  slew  of  vendors  —  advocates  of 
so-called  utility  computing  —  are  promis¬ 
ing  to  give  IT  executives  the  tools  to  like¬ 
wise  deploy  IT  resources  on  the  fly  as  busi¬ 
ness  conditions  change. 

In  theory,  utility  computing  gives  man¬ 
agers  greater  utilization  of  data-center  re¬ 
sources  at  lower  operating  costs.  At  their 
disposal  will  be  flexible  computing, storage 
and  network  capacity  that  can  react  auto¬ 
matically  to  changes  in  business  priorities. 
The  data  center  of  the  future  also  will  have 
self-configuring,  self-monitoring  and  self- 
healing  features  so  managers  can  reduce 
today’s  manual  configuration  and  trou¬ 
bleshooting  chores,  advocates  say 

The  allure  of  utility  computing  is  easy  to 
see,  but  there’s  no  clear  road  map.  Getting 
there  requires  an  approach  that  encom¬ 
passes  network  gear,  servers,  software,  ser¬ 
vices  and  IT  governance.  It  also  requires 
balancing  the  maintenance  of  existing  IT 
resources  with  strategic  new  investments. 

Having  a  clear  picture  of  what  already 
has  been  deployed  is  crucial  before  com¬ 
panies  start  to  roll  out  new,  intelligent  de- 
vices.This  might  sound  obvious,  but  experts 
say  it’s  not  always  done. 

Gartner  analyst  John  Phelps  says  many 
companies  don’t  know  where  all  their 
servers  are  located,  who  controls  and  owns 
them,  and  the  main  functions  and  applica¬ 
tions  running  on  them. 

Companies  also  don’t  have  a  clear  pic¬ 
ture  of  how  their  IT  assets  relate  to  each 
other.  For  example,  one  e-business  transac¬ 
tion  might  depend  on  data  culled  from  sev¬ 
eral  applications  running  on  different  plat¬ 
forms  in  multiple  locations.  Figuring  out 
these  sorts  of  dependencies  is  a  prerequi¬ 
site  of  higher  level  computing,  analysts  say. 

“Utility  computing  does  not  exist  in  a 
vacuum,”  says  Jasmine  Noel,  principal  with 
JNoel  Associates.The  only  way  to  do  it  is  to 
first  understand  the  relationships  between 
hardware  and  software  resources  deliver¬ 
ing  a  particular  business  service.  Inventory 
discovery  and  relationship  mapping  are 
the  keys  to  starting.” 

While  companies  focus  on  the  funda¬ 
mentals,  vendors  are  working  to  create  in¬ 
telligent  devices,  management  tools  and 
services  for  utility  consumption.The  field  is 
crowded, weighted  by  HPIBM  and  Sun. IBM 
uses  “on-demand”  to  describe  its  initiative. 
HP  has  its  Utility  Data  Center  lineup  and 
Sun  has  its  N1  data-center  architecture. 

Several  software  vendors  have  a  stake  in 
utility  computing,  including  management 
software  makers  such  as  BMC  Software  and 
Computer  Associates  and  storage  manage¬ 
ment  software  maker  Veritas  Software. 

There’s  plenty  of  work  to  do.  Analysts  say 


■  BY  ANN  BEDNARZ  AND  DENISE  DUBIE 


it  will  be  a  long  time  before  routers  can  re¬ 
configure  themselves, servers  can  provision 
themselves  and  applications  can  dedicate 
more  resources  to  themselves  on  the  fly 
without  human  intervention.  Building  a 
true  utility  computing  infrastructure  is  at 
least  a  seven-  to  10-year  effort,  analysts  say 

That  doesn’t  mean  companies  should 
shelve  their  plans.  There  are  plenty  of 
opportunities  to  begin  consolidating,  stan¬ 
dardizing  and  automating  data-center  re¬ 
sources  today  —  and  begin  reaping  the  re¬ 
wards  of  improved  system  management 
and  reduced  complexity. 

Management  counts 

Management  is  the  cornerstone  of  utility 
computing.  Management  software  in  the 
new  data  center  proposes  to  do  more  than 
monitor  devices;  it  will  store  and  enforce 
policies,  discover  devices,  track  changes, 
meter  usage  and  ultimately  take  action 
when  performance  degrades. 

The  challenge  will  be  capturing  end-to- 
end  systems  data  and  consolidating  it  into 
something  manageable,  says  George 
Hamilton,  a  senior  analyst  with  The  Yankee 
Group. “IT  managers  need  to  focus  on  get¬ 
ting  all  the  data  they  capture  from  instru¬ 
mentation  and  testing, and  consolidate  it  in 
one  place  so  they  can  more  effectively 
manage,”  he  says. 

But  it  won’t  be  easy.  Today,  most  compa¬ 
nies  use  multiple  management  systems  to 
collect  performance  and  availability  data, 
identify  potential  failures,  and  provision  de¬ 
vices,  applications  and  end  users.To  be  use¬ 
ful  in  an  adaptive  environment,  manage¬ 
ment  systems  must  evolve  beyond  islands 
of  expertise. 

“It’s  a  challenge  to  get  multiple  systems 
optimized  and  running  and  tied  together. 
Anybody  looking  at  utility  computing 
should  try  to  find  a  vendor  that  has  a  com¬ 
prehensive  solution  that  can  help  people 
tie  the  pieces  together  says  Bob  Ackerly, 
president  of  Smith  and  Associates.  The 
Houston  semiconductor  company  uses 
Vieo’s  Adaptive  Application  Infrastructure 
Management  (AAIM)  appliance  to  monitor 
about  40  servers  in  its  data  center. 

Some  vendors  are  working  to  make  prod¬ 


ucts  more  cooperative.  For  example,  BMC 
recently  partnered  with  security  vendor 
Symantec  and  storage  leader  EMC  to  share 
management  data  across  systems. Similarly 
Cisco  and  IBM  recently  signed  a  deal  in 
which  the  two  will  develop  a  common  way 
to  detect,  log  and  resolve  system  problems. 

Vendors  also  are  developing  manage¬ 
ment  tools  that  not  only  watch  devices  but 
also  monitor  distinct  business  functions. 
Concord  Communications,  Mercury  Inter¬ 
active  and  Micromuse  have  begun  to 
develop  their  software  tools  to  track  the 
success  and  failure  of  business  processes. 

Following  the  path  of  a  business  process 
means  crossing  Web  and  application 
servers,  databases,  storage  devices  and  the 
routers  that  direct  traffic.  To  adequately 
track  the  path,  the  software  first  must  find 
relationships  between  data-center  compo¬ 
nents;  map  those  relationships  into  a  logi¬ 
cal  topology;  and  configure  the  devices  to 
report  on  how  they  perform,  change  and  re¬ 
spond  to  application  requests,  Noel  says.“it 
can  be  a  mess  unless  some  smart  opera¬ 
tions  planning  is  done  upfront.” 

Gear:  Simplify  and  consolidate 

If  moving  to  a  utility  computing  model 
required  IT  executives  to  abandon  their 
existing  infrastructure  and  start  from 
scratch,  there  likely  would  be  very  few  tak¬ 
ers.  Fortunately  industry  watchers  say,  com¬ 
panies  can  find  inexpensive  ways  to  incre¬ 
mentally  add  components  of  an  adaptive 
data  center  to  existing  setups. 

For  example,  today’s  routers,  switches, 
servers  and  storage  devices  can  do  more 
than  their  standard  tasks  in  the  data  center 
—  if  instrumented  correctly.  Vendors  such 
as  Cisco,  HP  and  IBM  today  deliver ‘intelli¬ 
gent’  devices  that  can  provide  information 
critical  to  their  state.  These  features  could 
let  them  perform  self-diagnosis, self-healing 
and  self-managing  tasks,  shortening  the 
time  it  takes  administrators  to  identify  and 
resolve  potential  problems. 

“Enterprise  companies  can,  through  attri¬ 
tion,  introduce  and  embed  these  intelligent 
devices  that  have  self-managing  features 
into  the  network  fabric," says  Ahmar  Abbas, 
managing  director  at  research  firm  Grid 
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It’s  called  grid,  utility  or  on-demand,  but  it’s  all  about  the  same  thing:  Creating 
computing  infrastructures  that  can  dynamically  change  tasks  as  processing 
needs  ebb  and  flow.  It’s  a  grand  vision,  but  getting  there  won’t  be  easy.  Here’s 
how  to  start. 


Technology  Partners.  As  new  or  existing 
projects  necessitate  hardware  purchases,  IT 
managers  should  invest  in  equipment  with 
automated  data  collection  and  export  fea¬ 
tures, which  could  eliminate  the  need  for 
future  instrumentation  on  the  devices, 
Abbas  says. 

Equipment  consolidation  is  another 
strategic  move  to  consider.  Managers  can 
decrease  the  number  of  physical  servers 
they  maintain  by  combining  applications 
into  fewer,  larger  multiprocessor  servers,  or 
merge  their  storage  into  pools  that  can  be 
managed  from  one  interface.  “A  company 
can’t  get  to  a  dynamic  environment  if  it 
doesn’t  get  rid  of  some  of  the  hodgepodge,” 
says  Mary  Johnston  Turner,  vice  president  at 
Summit  Strategies. 

Mark  McNamara,  IT  director  at  Weight- 
Watchers.com,  says  thinning  out  the  num¬ 
ber  of  servers  is  an  attractive  option,  but 
vendors  need  to  enable  virtualization 
beyond  storage  and  servers  for  utility  com¬ 
puting  to  take  off.  The  New  York  company 
recently  started  working  with  BladeLogic 
to  automate  server  provisioning. 

“Hardware  vendors  are  laying  the  ground¬ 
work,  but  the  initiative  will  need  more  sup¬ 
porters,”  McNamara  says.“Virtualization  will 
need  hardware,  software,  network  and  stor¬ 
age  vendor  support.” 


Prune  those  apps 

Companies  also  need  to  consolidate 
applications.  As  companies  move  toward 
simpler,  standardized  hardware,  they  also 
should  consider  who  their  key  software 
providers  are  so  that  any  platform  deci¬ 
sions  made  —  such  as  cutting  the  number 
of  different  operating-system  variants  and 
release  levels  to  reduce  complexity  and 
cost  —  don’t  preclude  using  those  vendors’ 
applications, Turner  says. 

Companies  should  consider  defining  and 
implementing  standards  in  areas  such  as 
database  management  systems,  applica¬ 
tion  interfaces,  development  languages 
and  middleware,  Gartner’s  Phelps  says. 
Many  companies  are  bogged  down  with 
multiple  directories,  data  repositories  and 
rogue  Web  servers  —  often  the  result  of 
departmental  initiatives  undertaken  in  the 
absence  of  corporate-wide  system  stan¬ 
dards.  Paring  down  the  number  of  applica¬ 


tions  will  improve  system  management 
and  reduce  complexity, Turner  says. 

Likewise,  technologies  such  as  identity 
management  can  simplify  operations  and 
automate  redundant  IT  tasks.  Identity  man¬ 
agement  processes  are  aimed  at  creating 
and  maintaining  common  security  profiles 
across  multiple  applications  —  reducing 
the  burden  on  IT  managers  to  handle  mun¬ 
dane  tasks  such  as  resetting  passwords. 

Analysts  also  identify  opportunities  to 
gain  efficiencies  at  the  business  applica¬ 
tion  level  —  although  consolidation  is 
toughest  at  this  level,  Turner  says.  It’s  not 
uncommon  for  companies  to  support  mul¬ 
tiple  versions  of  the  same  applications, 
each  with  distinct  data  definitions.  Re¬ 
conciling  the  separate  instances  often  re¬ 
quires  re-deploying  software. 

If  companies  don’t  want  to  tamper  with 
existing  installations,  there  are  other  ways 
to  simplify  application  infrastructure.  In 
the  same  way  storage  resources  can  be 
virtually  linked  rather  than  physically  con¬ 
solidated,  companies  can  link  in¬ 
formation  to  reconcile  different  _ 

data  formats  without  tangling  with 
underlying  data  structures.  Infor¬ 
mation-integration  tools  such  as 
those  from  IBM  and  start-up  Avaki 
add  a  layer  of  abstraction  that 
makes  it  easier  for  data  elements  to 
become  part  of  shared  resources 
across  the  organization,  she  says. 

Turner  recommends  starting 
small:  Companies  should  consider 
first  migrating  the  applications 
used  by  a  portion  of  the  employee 
population  —  such  as  sales  and 
marketing  —  from  individual  servers  to  a 


—  but  not  always  easy 

“The  IT  organization  almost  has  to  be¬ 
come  social  workers,”  Turner  says.  “They 
have  to  sit  down  with  all  these  different 
business  constituencies  who  have  no  inter¬ 
est  in  making  each  other  happy  and  they 
have  to  convince  them  that  there  is  a  busi¬ 
ness  reason  and  a  business  benefit  to  them, 
to  their  little  business  silo,  of  running  on  a 
shared  architecture.  And  they  have  to 
demonstrate  that  they  can  protect  the  inter¬ 
ests  of  each  particular  business  area.” 

Lee  Adams,  vice  president  of  infrastruc¬ 
ture  services  at  Hospital  Corporation  of 
America  in  Nashville,  agrees.  “That’s  the 
hard  work  of  delivering  complete  service- 
level  management  to  the  business  process. 
You  have  to  go  out  and  pin  folks  down  in 
different  departments  and  then  take  their 
processes  and  put  them  into  the  software.” 

Lee  works  with  BMC  to  automate  service 
management  across  billing,  medication 
and  patient  applications.  He  says  inputting 
“how  people  get  their  job  done,  from  the 
most  basic  chore  to  complex  processes”  is 
See  Utility,  page  55 
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IT  managers 
need  to  focus  on 
getting  all  the 
data  they  capture 
from  instrumen¬ 
tation  and  test¬ 
ing,  and  consoli¬ 
date  it  in  one 
place  so  they  can 
more  effectively 
manage.” 


George  Hamilton, 
senior  analyst, 
The  Yankee  Group 
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Checklist 


IT  managers  need  to  work  with  existing  resources  and  be 
smart  about  new  purchases  when  building  an  agile  data 
center.  Here  are  some  tasks  that  need  to  get  done: 


□ 


□ 


□ 


Applications: 

Eliminate  excess 

applications. 

Define  standards 

for  databases, 

development 

languages  and 

middleware. 

Standardize 

application 

versions. 


fnnnnnnnJ^  fnnnnnnnJ^ 


Hardware: 

□  Phase  in  intelligent 
routers,  switches, 
servers  and  storage 
devices  with  self¬ 
managing  capabilities. 

□  Combine  applications 
onto  fewer,  larger 
multiprocessor  servers. 

□  Virtualize  disparate 
storage  pools. 


shared  infrastructure.  Within  that  shared 
infrastructure,  users  can  determine  appli¬ 
cation  priorities,  common  security  privi¬ 
leges,  and  automated  policy  responses. 


Pay  attention  to  processes 

Building  a  smarter  data  center  requires  in¬ 
corporating  business  goals  and  processes 
into  technology  systems.The  issue  is  part 
cultural  and  part  technical.  Business  lead¬ 
ers  need  to  communicate  business  objec¬ 
tives  to  the  IT  department,  and  IT  execu¬ 
tives  need  to  map  those  objectives  to  tech¬ 
nology  resources. Collaboration  is  required 


as 


Management: 

□  Take  inventory  of  hardware, 
applications. 

□  Determine  asset  dependencies 
among  data  center  components. 

□  Collect  up-to-date  configuration 
information. 

□  Work  to  create  an  aggregate  view 
of  management  data. 


IT  governance: 

□  Document 
processes. 

□  Consider 
outsourcing. 


Our  step-by-step  guide 
to  addressing  the  most 
pressing  network  issues 
of  the  day 


“It’s  leverage 
that  gets  you  a 
good  deal.  If 
you  think  you’re 
going  to  get  a 
good  deal 
because  you’re 
a  long-time, 
loyal  customer, 
you’re  wrong.” 
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More  online 

Find  out  what  Levine 
thinks  about  individual 
carriers. 

www.nwfusion.com, 
DocFinder:  8721 
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Telecom  spending  represents  a 
big  chunk  of  most  IT  budgets,  but 
industry  competition  and  negotiat¬ 
ing  finesse  can  reduce  costs.  Hank 
Levine,  a  Washington,  D.C.,  attorney 
with  Levine,  Blaszak,  Block  & 
Boothby,  has  helped  large  compa¬ 
nies  squeeze  carriers  for  years. 
Levine  spoke  recently  with  Net¬ 
work  World  Senior  Editor  Denise 
Pappalardo.  Here  is  an 
edited  version  of  the  interview: 

How  has  the  landscape  for  negotiating  telecom 
contracts  changed  in  the  past  few  years? 

The  landscape  has  changed  in  several 
key  respects.  First,  the  rapid  price  decreases 
we  saw  in  the  late  1990s  (10%,  15%  or  20% 
per  year)  have  trailed  off.  We  are  still  seeing 
price  decreases,  but  the  decreases  are 
more  like  5%. 

Second,  there  has  been  an  upheaval  in 
the  industry  from  MCI/WorldCom’s  bank¬ 
ruptcy  to  the  entry  of  the  [regional  Bell 
operating  companies]  in  the  long-distance 
market. 

The  third  change  is  next-generation  tech¬ 
nology’s  impact  on  the  market.  Much  in  the 
same  way  that  frame  relay  shook  up  the 
data  world  in  the  mid  1990s,  IP  VPNs  and 
[voice  over  IP]  are  starting  to  do  the  same. 
All  this  is  happening  at  the  same  time  we 
are  seeing  growing  use  of  mobile  service, 
various  forms  of  remote  access  and  the 
death  of  the  calling-card  market. 

How  do  less-aggressive  price  decreases  affect 
users  at  the  negotiating  table? 

One  thing  people  have  to  do  is  temper 
expectations.  There  are  ways  to  keep  get¬ 
ting  10%  to  15%  price  decreases,  but  they 
don’t  include  walking  into  your  carrier  and 
simply  asking.You  can  still  do  very  well,  but 
it  takes  a  lot  more  effort. 

How  can  users  lower  their  annual  contract 
rates  by  10V.  to  15%  if  the  average  is  5%? 
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They  have  to  be  willing  to  move 
traffic  to  a  second-tier  carrier, and  they  ia 
to  be  willing  to  change.  There  is  always|a 
better  bid  from  a  user’s  non-incumbent  car¬ 
rier.  If  you  don’t  show  that  you  are  willing  to 
go  through  the  pain  of  changing  service 
providers,  then  the  ability  to  get  those  dol¬ 
lars  from  your  incumbent  is  compromised. 

Is  the  fact  that  MCI  is  still  in  bankruptcy, 
although  close  to  emerging,  something  users 
should  consider? 

Yes.  The  last  five  years  have  proven  that 
diversity  of  carriers  is  important.We  tell  MCI 
customers:  Stick  with  MCI,  but  you  can’t 
give  them  90%  of  your  business.  Cut  that 
percentage  in  half. 

We  say  that,  with  a  little  less  urgency  but 
for  similar  reasons,  to  Sprint  and  AT&T  cus¬ 
tomers  and  certainly  to  Qwest  customers. 

How  seriously  should  users  consider  the  fact 
that  most  RBOCs  will  soon  be  able  to  offer 
national  longdistance  voice  and  data  services? 

There  is  good  news  and  bad  news  about 
the  RBOCs.The  bad  news  is  that  the  RBOCs 
are  not  ready  to  support  large,  nationwide 
networks.  The  good  news  is  they  are  a  lot 
more  ready  than  they  were  12  months  ago 
and  in  another  12  to  18  months  they  will  be 
ready  for  prime  time. 

Why  is  diversity  so  critical  today? 

Diversity  assures  users  that  their  network 
will  not  go  dark  if  their  carrier  files  for 
bankruptcy.Those  with  a  weak  lead  carrier, 
which  MCI  is  the  best  example,  need  a  lot 
of  diversity  and  are  foolish  not  to  have  two 
T-ls  into  their  major  facilities. 

Does  diversity  mean  a  user's  telecom  spending 
will  go  up? 

Actually,  it  means  their  costs  will  go  down. 
People  believe  what  you  pay  depends  on 
the  volume  you  purchase.That  is  a  lie.There 
is  no  correlation  between  volume  of  ser¬ 
vice  delivered  and  the  price  you  get. 

The  single  best  prices  I  know  of  go  to  a 
wonderful  little  catalog  shop  in  Florida.The 


guy  spends  a 
has  people  beggin 
because  he  does  oneyear  co 
the  end  of  the  year  it’s  up  for  auction. 

His  willingness  to  change  carriers  gets  him  the 
best  deal,  not  the  fact  that  he's  spending  a  cer¬ 
tain  amount  with  one  carrier  per  year? 

Yes.  The  carriers  will  tell  you:  If  you  have 
$6  million  in  traffic,  I’ll  give  you  a  good 
price  if  you  give  me  $4  million;  a  little  bet¬ 
ter  if  you  give  me  $5  million;  and  the  best 
price  if  you  give  me  $5.5  million  of  that  traf- 
fic.The  guy  who  spends  $12  million  gets  the 
same  story  and  the  same  prices. 

What  should  Fortune  1000  users  keep  in  mind 
as  they  sit  down  to  negotiate  their  contracts? 

It’s  leverage  that  gets  you  a  good  deal.  If 
you  think  you’re  going  .to  get  a  good  deal 
because  you’re  a  long-time,  loyal  customer, 
you’re  wrong.  Making  the  carriers  believe 
you  can  and  will  move  traffic  is  the  first 
thing. 

Second,  know  the  timeline.  Three 
months  before  your  contract  is  about  to 
expire  is  not  enough  time  to  do  an  RFP 
and  migrate  traffic,  and  your  carrier  knows 
it.  Start  thinking  about  negotiating  a  year 
in  advance  of  your  contract  expiring,  get 
real  serious  nine  months  in  advance  and 
finish  negotiating  a  new  deal  six  months 
in  advance. 

Third,  know  your  traffic.  If  you  know  your 
traffic,  you  can  better  compare  bids.  Don’t 
let  your  incumbent  tell  you  what  type  of 
traffic  you  have  at  the  negotiating  table. 

What  is  the  industry  standard  for  contract 
lengths? 

Keep  it  as  short  as  possible. The  industry 
standard  had  been  three  years,  but  now 
more  deals  are  being  done  with  two-year 
terms.  With  a  three-year  deal  you  need  a 
rate  review  clause  with  some  teeth 
because  rates  will  have  gone  down  during 
the  life  of  your  contract.  ■ 


See  how 
See  how 
See  it  adj 
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BY  CARA  GARRETSON  AND  ELLEN  MESSMER 


■  he  idea  of  saving  millions 
of  dollars  annually  would 
be  a  hit  with  any  company.  Combine  it 
with  increased  end-user  productivity 
and  reduced  network  administrator 
headaches  and  you’ve  got  a  home  run. 
That's  been  Jason  Sosinski’s  experience 
with  MXtreme,  a  spam-fighting  appli¬ 
ance  from  Borderware  that  his  company 
installed  last  year. 

Sosinski,  IS  security  administrator  at 
ARS  Service  Express,  estimates  that  the 
heating  and  cooling  services  company 
is  saving  roughly  $2  million  per  year 
with  MXtreme. 

“Users  were  spending  more  time  iden¬ 
tifying  spam  on  their  own  than  doing 
actual  work”  before  MXtreme  was  in¬ 
stalled,  Sosinski  says.  Now,  of  the 
approximately  11,000  e-mails  the  Mem¬ 
phis.  Tenn.,  company’s  2,500  em¬ 
ployees  receive  each  day,  roughly  50 
are  spam.  “That’s  a  number  I  can  live 
with,”  he  says. 

Most  companies  have  experienced  the 
toll  that  unwanted  e-mail  takes  on  their 
employees’  ability  to  do  their  jobs,  their 
network  and  storage  resources,  and 
their  network  managers'  patience.  In  a 
recent  survey  by  The  Radieati  Group, 
43%  of  companies  said  they  didn’t  have 
a  formal  anti-spam  policy  in  place. 
Those  companies  should  invest  imme¬ 
diately  in  spam  protection,  the  re¬ 
search  firm  says,  or  suffer  the  conse¬ 
quences  as  the  percentage  of  unwanted 
e-mail  in  corporate  in-boxes  —  now 
totaling  at  least  50%  of  all  e-mail  —  con¬ 
tinues  to  rise. 

The  good  news  is  the  market  is  flooded 
with  ways  to  reduce  spam.  From  soft¬ 
ware  that  sits  at  the  messaging  server 
to  gateway  applications  to  dedicated 
appliances  and  outsourced  services, 
vendors  pop  up  almost  daily,  offering 
products  dedicated  to  zapping  spam. 
Companies  that  specialize  in  other 
areas,  such  as  virus  protection,  content 
filtering  and  multifunction  appliances 
also  are  entering  the  market,  in  an 
attempt  to  become  one-stop  providers 
of  messaging  security  needs.  While 
choice  is  good,  the  anti-spam  market 
has  become  a  dizzying  array  of  prod¬ 
ucts  arid  technologies. 

Before  attempting  to  sift  through  the 
various  anti-spam  approaches,  compa¬ 
nies  should  make  a  few  key  decisions  to 
help  guide  their  search.  Are  you  com¬ 
fortable  outsourcing  your  spam  head¬ 
ache  to  a  service  provider,  which  means 


Our  step-by-step  guide 
to  addressing  the  most 
pressing  network  issues 
of  the  day 


“Users  were 
spending  more 
time  identifying 
spam  on  their  own 
than  doing  actual 
work/' 

Jason  Sosinski,  IS  security 
administrator,  ARS 
Service  Express 


For  spam  fighters 


■  Look  for  anti-spam  products 
that  employ  more  than  one 
type  of  filter  —  white  or 
black  lists,  fingerprinting  — 
to  capture  spam. 


■  Decide  how  much  control 
your  company  wants  over 
e-mail  that’s  been  deemed 
spam,  and  whether  end 
users  or  the  network  admin 
istrator  should  manage  it. 


spam  they  filter,  we  find  the  major  [dif¬ 
ferences]  around  now  that  they've 
caught  the  spam,  what  to  do  with  it?" 


letting  vour  e-mail  traffic  flow  through 
their  data  centers  before  hitting  your 
corporate  network?  If  you  prefer  an  in- 
house  solution,  should  it  sit  at  your  mail 
gateway  to  ward  off  spam  before  it 
enters  your  network,  saving  valuable  re¬ 
sources,  or  at  the  mail  server  where  it 
can  perform  additional  tasks  as  well?  Or 
does  a  dedicated  appliance  that  can’t  be 
tampered  with  sound  more  secure?  And 
what  about  offerings  from  established 
messaging  security  vendors? 

While  these  approaches  have  their 
pros  and  cons,  analysts  agree  they  all 
beat  doing  nothing.  Because  most  of 
these  enterprise  products  employ  more 
than  one  means  of  filtering  spam  —  be  it 
through  heuristics,  fingerprinting,  black 
and  white  lists  —  the  distinctions  come 
down  to  where  a  company  wants  to  in¬ 
stall  the  product  and  what  kind  Of  ad¬ 
ministrative  features  it's  looking  for. 

“In  general,  all  of  these  approaches  are 
effective,”  says  Matt  Cain,  an  analyst 
with  Meta  Group.  “I  don't  think  [there 
are]  wide  discrepancies  in  how  much 


■  Educate  your  end  users  to 
identify  and  report  any  spam 
that  does  get  through,  and 
alert  them  to  e-mail  fraud. 

. ;  Qne  clue  to  detect  spam  ijs  if 
the  sender's  e-mail  address 
differs  from  the  company’s 
name  in  the  message. 


Anti-spam  services 

The  leaders  in  this  market  include 
Postini,  FrontBridge  and  Messagel.abs. 
Their  services  divert  a  company's  in¬ 
coming  mail  to  their  own  data  centers, 
where  a  number  of  techniques  are  em¬ 
ployed  to  quarantine  unwanted  e-mail 
messages,  and  the  remainder  of  the  traf¬ 
fic  is  passed  on  to  the  customer.  Anti¬ 
spam  service  vendors  tune  their  filters 
to  be  sensitive  to  false  positives  be¬ 
cause  businesses  are  often  more  con¬ 
cerned  about  missing  wanted  communi¬ 
cation  than  having  a  few  extra  spam 
messages  in  their  users’  in-boxes. 

Anti-spam  services  can  be  the  right 
answer  for  companies  that  want  to  ded¬ 
icate  minimal  I  I  resources  to  handling 
spam.  “We  wanted  to  go  with  someone 
who  was  more  of  an  expert  in  the  area, 
rather  than  have  that  responsibility 

See  Spam,  page  48 


■  Limit  Web  surfing  on  compa¬ 
ny  PCs;  an  easy  way  for 
spammers  to  find  live  e-mail 
•  addresses  is  by  lifting  them 
from  sites  where  visitors 
have  input  their  address. 
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WebSphere  software 


See  information  organized 
See  access  personalized. 
See  service  recognized. 


IBM  WebSphere,  the  market  leader  in  portals,  gathers  information  from  multiple  sources  into  one  personalized 
view,  so  employees,  partners  and  customers  see  what  they  need,  when  they  need  it.  On  demand.  WebSphere 
is  open,  so  it  works  with  current  IT  investments.  Combined  with  Lotus  dynamic  interaction,  everything  from, 
customer  loyalty  to  ROI  starts  looking  up.  For  a  portal  InfoKit,  visit  ibm.com/websphere/seeit/portals 


IBM.  WebSphere.  Lotus,  the  e-business  logo  and  e-businesS  Oh  demand  are  registered  trademarks  or  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  v 
countries  Information  about  portal  market  share  is  based  on  new  license  revenue  lor  2002  from  the  Gartner  report.  "IBM  Has  Top  Share  in  All  Application  Integration.  Middleware  Markets”  (5/03),/ 
2003  Gartner.  Inc  2003  IBM  Corporation  All  rights  reserved  '  '  / 
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Continued  from  page  46 


Giliman,  director  of  technology  with  law 
firm  Allen  Matkins  in  Los  Angeles.  “Cer¬ 
tain  things  should  be  outsourced.” 

Giliman  chose  FrontBridge. 

Other  advantages  of  anti-spam  ser¬ 
vices  include  how  quickly  customers 
can  get  up  and  running  —  it  usually 
takes  less  than  a  week,  while  installing 
and  configuring  software  in  house  can 
take  a  couple  of  months,  says  Meta 
Group’s  Cain.  Because  there’s  sure  to  be 
a  shakeout  in  the  anti-spam  market  that 
will  leave  a  few  big  companies  standing, 
using  a  service  for  a  year  or  two  is  a 
good  way  to  avoid  having  to  choose  an 
anti-spam  software  vendor  until  clear 
winners  emerge,  Cain  adds. 

Responding  to  the  security  concerns 
that  some  companies  have  about  letting 
their  e-mail  flow  through  a  third  party 
before  it  reaches  the  corporate  network, 
Postini’s  Scott  Petry,  founder  and  vice 
president  of  products  and  engineering, 
says,  “Incoming  e-mail  has  already  been 
out  on  the  Internet.  We  offer  a  service 
that  allows  people  to  resolve  their  spam 


Spammers  stay  one  step  ahead 

Despite  advances  in  anti-spam  technology,  spammers 
consistently  manage  to  foil  the  products  designed  to 
thwart  them.  As  long  as  sending  unwanted  e-mail  remains 
a  profitable  proposition  for  spammers,  they  will  continue  to 
find  ways  around  filters  with  techniques  that  are  becoming 
more  advanced. 

In  the  last  six  months  HTML-based  spam  has  started 
replacing  text-based  spam,  says  Sue  Larsen,  vice  presi¬ 
dent  for  global  content  team  at  SurfControl.  “It  can  be  just  an 
image  pulled  down  from  a  server,"  she  says  about  this  new  form  of 
spam.This  "hidden  agenda"  technique  lets  the  spammer  split  spam 
words  by  mixing  ASCII  text  and  HTML  to  make  them  unreadable  by  dictio¬ 
nary-based  scanning  tools. 

Another  technique  called  treacherous  tracks,  makes  it  possible  to  capture  a 
recipient’s  e-mail  address  when  he  clicks  on  a  picture  embedded  in  the  mes¬ 
sage.  More  severe  still  are  "dodgy  domains,"  which  let  spammers  commit 
fraud  by  redirecting  users  to  a  fake  Web  site  masquerading  as  a  legitimate 
one. ;  :  -  '  •  - 

Dodgy  domains  have  been  used  in  several  cases  of  online  fraud  com¬ 
mitted  against  banks.  such  as  Citibank,  and  e-commerce  sites,  such 
as  eBay.  "They  just  hijack  you,"  Larsen  says. 

A  recipient  of  the  e-mail  who  doesn’t  recognize  that  the  originat¬ 
ing  e-mail  address  doesn't  match  the  company  name  in  the 
e-ma'tl  might  cliqk  on  a  link  embedded  in  the  message  that 
brings  the  recipient  to  the  dodgy  domain. There  the  recipient 
A;  is  asked  to  enter  personal  and  financial  information,  such  as 
Social  Security  number  or  bank  account  number,  which 
allows  the  spammers  to  steal  the  recipient's  identity. 

—  Ellen  Messmer 


problems  before  it  hits  their  network." 

On  the  downside,  anti-spam  services 
can  cost  more  in  the  long  run  than  soft¬ 
ware  or  an  appliance,  because  the  ser¬ 
vices  usually  involve  a  monthly  fee,  not 
a  one-time  charge,  says  Masha  Khmart- 
seva,  senior  analyst  with  The  Radicati 


Group.  A  typical  FrontBridge  customer 
spends  between  $1.50  and  $3.50  per 
user,  per  month. 

Gateway  and  server  software 

This  is  where  the  anti-spam  market 
gets  most  crowded,  with  Brightmail 
being  the  dominant  player  and  Active- 
State,  Cloudmark,  Proofpoint,  Mail- 
Frontier  and  others  offering  products  as 
well.  Anti-spam  gateway  software  sits  at 
a  corporation’s  mail  gateway  to  filter 
spam  out  of  the  incoming  messages. 
These  products  generally  give  compa¬ 
nies  the  most  options  for  how  they  want 
to  handle  spam  once  it’s  caught,  includ¬ 
ing  quarantine  areas  managed  by  end 
users  where  spam  messages  are  held. 
Many  products  also  offer  black  and 
white  lists,  which  dictate  e-mail  senders 
that  should  always  be  blocked  and 
never  be  blocked,  respectively. 

Wyndham  Hotels,  of  Irving,  Texas,  in¬ 
stalled  and  ripped  out  anti-spam  gate¬ 
way  software  from  an  unnamed  com¬ 
pany  before  deciding  to  go  with  Mail- 
Frontier’s  software.  “That  gave  us  an 
opportunity  to  see  what  our  needs  were. 
We  learned  we  needed  a  lot  of  end-user 
functionality,”  says  Lyndon  Brown,  man¬ 
ager  of  network  service  and  electronic 
messaging  at  Wyndham. 
Brown  is  responsible  for 
supporting  the  compa¬ 
ny’s  7,000  e-mail  users. 
With  MailFrontier’s  Anti¬ 
spam  Gateway  software, 
Wyndham’s  users  re¬ 
ceive  a  daily  list  of  what 
messages  were  blocked 
as  spam,  although 
Brown  says  that  as  users 
grow  more  confident  in 
the  software  they  check 
the  list  less  often. 

Also  on  the  market  are 
anti-spam  packages  that 
integrate  with  a  compa¬ 
ny’s  e-mail  server,  such 
as  those  from  Block  All 
Spam  and  SunBelt.  A 
number  of  vendors 
don’t  specialize  in  spam 
protection  but  include 
it  in  their  offerings  — 
the  advantage  is  tight 
integration  with  other 
messaging  services, 
such  as  e-mail  policy 
enforcement  and  virus 
protection. 

Summit  Electric  Supply, 
which  has  about  550  em¬ 
ployees,  uses  Clearswift’s 
MailSweeper  server  soft¬ 
ware  to  filter  e-mail  for 
spam  and  any  objec¬ 
tionable  content  that  might  violate 
corporate  e-mail  policy. 

The  Albuquerque,  N.M.,  company 
traps  about  2,500  spam  messages  per 
day  using  the  server-based  filter,  says 
Kurt  Williams,  CIO  of  the  industrial  sup¬ 
ply  firm. 


Using  anti-spam  software  on  a  mail 
server  also  means  companies  can  scan 
outgoing  mail  and  incoming  messages. 
Atlanta  law  firm  Arnall  Golden  Gregory 
uses  NetIQ’s  MailMarshal  to  monitor 
outgoing  e-mail  for  possible  sensitive 
messages  related  to  medical  issues  and 
privacy,  says  network  administrator 
Paul  Grulke. 

“We  built  a  hit  list  of  key  words,  such 
as  ‘chiropractor’  and  ‘patient,’”  Grulke 
says.  Outbound  mail  with  these  key¬ 
words  might  be  stopped,  which  helps 
the  law  firm  comply  with  the  federal  law 
known  as  the  Health  Insurance  Port¬ 
ability  and  Accountability  Act. 

Gateway  appliances 

These  appliances  from  Borderware, 
Corvigo,  Sendio  and  others  also  sit  at  a 
company’s  gateway  to  detect  incoming 
spam,  but  consist  of  a  dedicated  server 
and  hardened  operating  system  that 
vendors  say  offer  heightened  security.  In 
general,  these  appliances  offer  the  same 
amount  of  spam  protection  and  adminis¬ 
trative  and  end-user  controls  as  anti¬ 
spam  software.  However,  anti-spam 
appliances  tend  to  be  easier  to  set  up 
because  there’s  minimal  configuring. 
They  also  might  offer  better  perfor¬ 
mance  because  the  operating  system  is 
tweaked  for  the  task,  Meta’s  Cain  says. 

Borderware  is  taking  a  more-is-better 
approach  to  fighting  spam.  The  anti¬ 
spam  appliance  vendor  recently  an¬ 
nounced  plans  to  integrate  Brightmail’s 
anti-virus  gateway  software  with  the 
next  release  of  its  MXtreme  appliance, 
offering  additional  anti-spam  filters  and 
increasing  its  product’s  scalability. 
MXtreme  can  scan  traffic  only  for  com¬ 
panies  with  up  to  roughly  4,000  users. 

Security-plus 

With  the  anti-spam  market  booming, 
it’s  no  surprise  that  -vendors  offering 
other  types  of  e-mail  products  want  to 
get  in  on  the  game.  Security  vendors  in¬ 
cluding  Network  Associates,  Symantec 
and  Trend  Micro  have  introduced  anti¬ 
spam  products,  both  software-  and  hard- 
ware-based,  and  some  multi-function  de¬ 
vices  that  act  as  firewalls  and  anti-virus 
filters  as  well  as  offer  spam  protection. 

Some  analysts  think  multi-use  prod¬ 
ucts  could  quickly  upstage  stand-alone 
anti-spam  software  or  appliances 
because  IT  departments  often  prefer 
having  fewer  products  to  install  and 
maintain. 

But  others  warn  that  it’s  too  early  in 
the  development  of  anti-spam  technol¬ 
ogy  to  trust  this  crucial  task  to  a  com¬ 
pany  that  doesn’t  live,  eat  and  breathe 
spam.  While  a  number  of  big  anti-virus 
companies  offer  anti-spam  products 
too,  “generally  their  spam-blocking  stuff 
is  still  immature,  compared  with  what 
else  is  on  the  market,”  Cain  says. 

“We  expect  in  a  year  or  two  that  will 
change  ....  For  now  1  would  say  you 
need  to  go  with  a  best-of-breed  vendor,” 
he  adds  JI 


ODDS  ARE  JUST  ONE 
REMOTE  OFFICE  CAN  BRING 
YOUR  ENTIRE  NETWORK 
CRASHING  DOWN. 


Beat  the  odds  with  Trend  Micro. 


Finally,  a  way  to  control  and  configure  remote  offices  from  a  central  location. 
Introducing  Trend  Micro"  Gatelock™  3000/5000 —  the  ultimate  security  appliance 
from  the  global  leader’ at  the  gateway.  Featuring  firewall,  VPN,  and  antivirus 
capabilities  in  one  easy  to  deploy  solution,  it  will  help  you  eliminate  security 
threats,  reduce  costs,  and  revel  in  a  state  of  utter  calm. 
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“This  typically 
isn’t  a  task  for 
one  person.  It  has 
to  involve  the 
security  group, 
the  operations 
group  and  the 
developers,  so 
what  also  makes 
patching  tough  is 
a  lack  of 
resources.” 

Felicia  Nicastro,  senior 
network  systems  consultant, 
International  Network 
Services 
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I - 1  he  list  of  all-too-familiar  names 

—  Nachi,  Klez,  Lovsan,  SoBig,  BugBear, 
Swen,  Blaster  and  Yaha  —  represents  only  a 
sampling  of  the  most  prevalent  worms  and 
viruses  that  slithered  into  corporate  net¬ 
works  this  fall.  But  they  all  have  one  thing  in 
common:  Patches  were  readily  available 
before  most  damage  had  been  done. 

So  why  do  these  intruders  continue  to 
wreak  such  havoc? 

Because  patch  management  is  tough. 

It’s  tough  because  there  are  too  many 
patches  and  not  enough  time,  and  be¬ 
cause  exploits  to  announced  vulnerabil¬ 
ities  are  materializing  faster.  (Blaster  ap¬ 
peared  only  26  days  after  Microsoft  re¬ 
ported  the  vulnerability) 

It’s  tough  because  clients  are  becoming 
the  attack  targets  as  much  as  servers,  fuel¬ 
ing  faster  propagation  and  the  threat  of  re¬ 
infection  from  mobile  workers  reconnect¬ 
ing  to  the  network. 

And  it’s  not  just  Microsoft  vulnerabilities. 
Although  Windows  seems  to  get  the  bulk  of 
the  exploits  and  end-user  animosity  the  list 
of  targets  includes  routers,  switches,  fire¬ 
walls;  Unix  and  Linux,  too. 

Patching  chores  likely  will  never  go  away 
experts  say  but  there  are  ways  to  address 
the  task  proactively  to  minimize  exposure. 

“Patching  is  the  physical  process,”  says 
James  Williams,  information  delivery  man¬ 
ager  for  RBC  Centura  Bank  in  Rocky 
Mount,  N.C.“But  you  have  to  manage  that 
process,  and  to  do  that  you  need  some 
structure.” 

Centura  has  an  1 1 -person  staff  as  part  of  a 
computer  security  incident  response  team 
that  maintains  what  Williams  calls  a  “very 
systematic  and  very  organized”  patch  man¬ 
agement  process.  That  process  utilizes  in¬ 
ventory  change-control  practices  and  auto¬ 
mated  deployment  supported  by  tools 
from  Ecora,  lBM/Tivoli  and  others. 

“1  might  not  have  enough  staff,  but  I  have 
processes  and  organization  that  help  me 
cover  that  issue,”  he  says. 


How  to  patch 

“We  see  people  looking  for  a  tool  that  will 
solve  all  their  problems,  but  what  you  need 
is  a  process;  it’s  not  just  about  the  tool,” says 
Felicia  Nicastro,  senior  network  systems 
consultant  for  International  Network  Serv¬ 
ices,  a  consulting  firm  that  kicked  off  a 
patch  management  service  in  September. 
Nicastro  says  the  biggest  mistake  compa¬ 
nies  make  is  leaving  out  the  processes, such 
as  diligent  monitoring  for  new  patches  cou¬ 
pled  with  detailed  evaluation,  testing,  de¬ 
ployment  and  validation  that  a  team  or  in¬ 
dividual  manages. 

“This  typically  isn’t  a  task  for  one  person. 
It  has  to  involve  the  security  group,  the 
operations  group  and  the  developers,”  she 
says.“So  what  also  makes  patching  tough  is 
a  lack  of  resources.” 

Nicastro  says  companies  need  to  have 
several  pieces  in  place  before  a  patch  man¬ 
agement  process  can  be  installed:  network 
inventory  change  management,  configura¬ 
tion  management,  asset  management,  for¬ 
malized  record  keeping,  an  understanding 


///  ” 


of  costs. prioritization  guidelines.and  main¬ 
tenance  and  communications  plans. 

“Getting  a  process  in  place  can  be  dif¬ 
ficult  if  you  don’t  have  all  these  pieces 
together  she  says. 

Inventory,  or  documenting  what  mach¬ 
ines  run  what  software,  is  the  first  step. 

“This  might  be  your  biggest  cost,”  Nicastro 
says.“Inventory  can  take  some  time.” 

Inventory  ties  into  asset,  change  and 
configuration  management.  “If  you  track 
configuration  then  you  know  what’s 
changed,  and  that  can  help  with  future 
patching,”  she  says. 

The  process  starts,  Nicastro  says,  with 
monitoring  for  new  vulnerabilities  and 
available  patches  for  everything  in  inven¬ 
tory  Once  a  vulnerability  is  identified  and 
determined  to  be  a  threat,  teams  of  IT,  data 
and  operations  managers  must  work  to¬ 
gether  to  usher  a  patch  through  the  estab¬ 
lished  rollout  process.  A  course  of  action 
and  a  timetable  for  execution,  including 
lab  testing,  should  be  established. 

“Many  times  companies  don’t  have  the 
money  to  support  a  lab  or  duplicate  envi¬ 
ronment,  but  at  a  minimum  you  should  try 
to  duplicate  business-critical  systems, say  a 
Web  server  with  a  database  back  end," 
Nicastro  says. 

After  testing,  distribution  of  the  patch,  im¬ 
plementation,  exception  handling,  tracking 
and  reporting  need  to  be  done. 

Software  and  services  for  such  tasks  are 
available  from  vendors  such  as  Altiris,  Big- 
Fix,  Computer  Associates,  ConfigureSoft, 
Ecora,  HP  IBM,  Loudcloud,  Microsoft,  Nov¬ 
ell,  PatchLink,  Shavlik  Technologies  and  St. 
Bernard  Software. 

Nicastro  says  in  times  when  patching  be¬ 
comes  a  fire-fighting  exercise,  companies 
should  quarantine  the  worm  or  virus  on 

See  Patching,  page  52 
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DosandDon’ts 


Do 


I  Establish  a  team  or  appoint  an 
individual  to  monitor  for  new 
vulnerabilities. 

I  Create  a  process  to  evaluate  and 
deploy  patches. 

I  Acquire  a  set  of  software  tools  to 
support  the  process. 

I  Develop  a  procedure  for  validating 
installation  of  patches. 

I  Quarantine  bugs/worms  on  network 
segments  in  an  emergency. 


Don’t 

■  Try  to  patch  without  creating  an 
inventory  of  all  your  systems  and 
software. 

■  Think  the  problem  is  under  control 
just  because  you  have  a  software 
tool. 

■  Delay  deployment  of  patches  listed 
as  critical  because  exploits  now  are 
showing  up  soon  after  vulnerabili¬ 
ties  are  announced. 

■  Assume  that  attacks  are  more  like¬ 
ly  to  come  from  outside  rather 
than  inside  your  organization  given 
recent  attacks  that  were  launched 
using  infected  internal  clients. 
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You’ve  built  redundancy  into  your  systems, 
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but  if  they  can’t  be  used  to  run  your  business, 

they  might  as  well  be  here. 
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Introducing  Information  Availability. 
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You’ve  dedicated  tremendous  time  and  resources  to  safeguarding  your  company’s  mission-critical 
systems.  But  if  it  isn’t  combined  with  a  robust,  redundant  infrastructure,  the  latest  technologies, 
professional  expertise,  and  proven  processes;  you  won’t  achieve  the  levels  of  availability  and  uptime 
today’s  marketplace  demands.  That’s  why  you  need  a  SunGard  Information  Availability  strategy. 
Working  with  SunGard,  we’ll  customize  a  total  solution  that  helps  ensure  your  employees  and 
customers  have  uninterrupted  access  to  the  critical  systems  and  data  that  run  your  business,  24/7. 
Make  sure  all  your  systems  are  “go”.  To  see  how  cost  effective  an  Information  Availability  strategy 
can  be,  see  our  white  paper  prepared  by  I  DC  at:  www.availability.sungard.com 
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Patching 

continued  from  page  50 

network  segments  and  patch  using  their 
documented  processes. 

“The  number  of  vulnerabilities,  their  ex¬ 
ploits  and  the  serious  damage  that  they 
can  do  is  why  having  a  process  is  so  impor¬ 
tant,”  she  says. 

Patching  in  action 

Those  words  ring  true  for  Williams  at 
Centura  Bank,  whose  organized  process  in¬ 
cludes  assigning  a  value  of  critical,  high, 
medium  or  low  to  each  vulnerability. 

“If  it  is  critical,  each  manager  on  our 
[computer  security  incident  response] 
team  has  to  respond  [with  their  course  of 
action]  in  24  hours,"Williams  says.The  vul¬ 
nerabilities  are  compared  against  an  inven¬ 
tory  of  everything  on  the  network,  includ¬ 
ing  250  servers  and  1,800  desktops. The  in¬ 
ventory  is  updated  weekly 

Once  the  team  managers  decide  a  patch 
is  needed,  a  five-step  program  Centura  calls 
release  management  is  followed.  The  first 
step  is  to  develop  the  change  process, 
which  is  then  logged  and  audited  as  part  of 
Step  2.  A  series  of  tests  are  done  at  Step  3, 
and  if  the  results  are  inadequate  the 


Popular  tools 


A  recent  online  survey  of  about  4,500  users  conducted  by  the 
NTBugtraq  security  Web  site  shows  the  most  popular  free  and 
fee-based  patch  management  tools. 

(Note:  Not  all  respondents  use  fee-based  tools.) 


Free  tools 

Provider 

Respondents 
using  tool 

Manual 

NA 

1,488 

Windows  Update 

Microsoft 

1,114 

Software  Update  Services 

Microsoft 

653 

HFNetCheck  Freeware 

ShavlikTechnologies 

578 

Security  Baseline  Analyzer 

Microsoft 

376 

VB  Scripts 

NA 

186 

Fee-based  tools 

ZenWorks  Suite 

Novell 

391 

HFNetChk  Pro 

ShavlikTechnologies 

244 

System  Management  Server 

Microsoft 

220 

Update  Expert 

St.  Bernard  Software 

126 

GFI  LanGuard 

GFI  Software 

96 

Ghost 

Symantec 

70 

PatchLink  Update 

PatchLink 

44 

Deployment  Server 

Altiris 

43 

TME  Software  Distribution 

IBM/Tivoli 

31 

Patch  Manager 

Ecora 

19 

Unicenter  Software  Delivery 

Computer  Associates 

19 

process  starts  all  over  again.  If  the  test  is 
successful,  Step  4  includes  distribution 
from  a  pilot  to  full-scale  production  de¬ 
ployment.  And  Step  5  mandates  follow-up 
and  validation  that  everything  is  complete 
and  working. 

“It’s  not  the  tools  or  the  people,  it’s  not 
having  the  time, "Williams  says  of  why  such 
a  regimented  process  is  needed. 

It’s  the  same  for  John  Engates,  CTO  for 
Rackspace  Managed  Hosting,  which  has 
data  centers  in  San  Antonio, Texas;  Hern¬ 


don,  Va.,  and  London.  The  company  has 
4,000  Windows  servers,  4,000  servers  run¬ 
ning  either  Linux  or  Unix,  50  routers  and 
500  firewalls  it  maintains  for  customers. 

“Software  will  never  be  perfect  and  will 
always  require  diligence  and  good  security 
practices  to  maintain  it,”  Engates  says. 

He  says  patching  routers  and  firewalls  is 
more  like  updating  versions  of  software,  but 
still  there  is  a  formal  process  that  begins 
with  network  engineers  who  monitor  dis¬ 
cussion  boards  and  security  sites.’They  eat 
and  breathe  this”  Engates  says. 

After  a  new  patch  is  identified,  a  lead  en¬ 
gineer  is  notified.  If  the  patch  is  for  a  critical 
flaw,  notification  is  sent  straight  to  the  vice 
president  of  engineering  who  decides  if 
the  patch  is  needed  and  structures  the  pro¬ 
cess  toward  deployment,  if  necessary 

If  the  patch  is  for  a  router,  the  lead  engi¬ 
neer  carries  out  the  patching  plan,  from 
calling  in  the  right  people  to  building  auto¬ 
mated  deployment  scripts. 

The  patch  is  tested  in  Rackspace’s  lab,  a 
scaled  replica  of  its  network. 

“The  testing  length  depends  on  how  big  a 
patch  it  is,”  Engates  says.The  patch  is  rolled 
out  within  a  pre-scheduled  maintenance 
window,  and  the  engineering  team  does  a 
postmortem,  gathering  documented 
changes  and  evaluating  the  process. 

“When  we  feel  like  we  are  in  danger  of 
being  exploited,  then  we  will  open  an 
emergency  [maintenance]  window  and 
do  the  patching,”  he  says. 

On  the  server  side,  Engates  says  the  pro¬ 
cess  is  a  bit  different  because  customers 
are  responsible  for  some  patching  chores. 
He  says  Linux  also  is  a  unique  platform  be¬ 
cause  it  doesn’t  have  as  many  user-friendly 
tools  as  Windows,  although  Microsoft’s 
tools  have  their  own  consistency  issues. 

“We  have  no  formal  [Linux]  configura¬ 
tion  management  tool.  There  is  more 
human  interaction  with  these  servers  than 
on  the  Windows  side,”  says  Engates,  who 
notes  the  Windows  platform  sees  a  larger 
percentage  of  exploit  code. 

When  Rackspace  identifies  a  vulnerabil¬ 
ity  on  its  Windows  servers,  a  process  similar 
to  that  for  routers  and  firewalls  is  followed. 
Testing  is  done  for  a  minimum  of  48  hours 
to  make  sure  there  are  no  problems.  If  prob¬ 
lems  arise,  the  patch  is  put  on  hold  and 
Microsoft  premier  support  is  called  in. 

“We  pay  for  this  service,  and  it  is  very 
important  we  maintain  this  relationship,” 
Engates  says. 

The  operating  system  team  is  ultimately 
responsible  for  giving  the  go  ahead  to  in¬ 
stall  the  patch,  and  Microsoft’s  SMS  is  used 
to  roll  it  out  to  the  live  network. 

“We  maintain  an  internal  knowledge 
base,  which  documents  the  changes,  pro¬ 
cesses  and  procedures  so  we  don’t  make 
mistakes,”  he  says.’  Mistakes  are  bad.” 

Open  season  on  clients 

David  Giambruno,  director  of  strategic 
infrastructure  and  security  for  Pitney 
Bowes,  says  the  big  patching  challenge 
now  is  scale. 

“In  the  past  [four  months]  there  have 
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been  new  types  of  attacks  that  go  after  the 
clients,”  he  says.“It’s  not  just  the  servers  any¬ 
more.  and  it’s  increased  the  scale  of  the 
problem.”  He  says  Pitney  Bowes  has  thou¬ 
sands  of  servers  and  clients  to  go  along 
with  hundreds  of  routers  and  switches. 
Giambruno  says  patching  clients  used  to 
be  a  natural  result  of  the  client  upgrade 
cycle.That  no  longer  works. 

“The  problem  is  the  speed  and  the  prop¬ 
agation  of  the  worms. We  can’t  just  shut  off 
Fbrt  135  or  other  networking  ports  because 
you  shut  off  your  client  networking,”  he 
says.  Early  in  the  Blaster  attack  in  August, 
Microsoft  advised  shutting  off  Fbrt  135  to 
stop  the  spread  of  the  worm.“If  I  turn  off  the 
port,  it’s  a  denial-of-service  attack  either 
way  he  says. 

Giambruno  says  the  company’s  pro¬ 
cesses  for  automatically  patching  servers 
has  been  extended  to  clients. 

In  the  wake  of  Blaster,  the  company  de¬ 
ployed  software  from  BigFix  that  provides  a 
holistic  view  of  the  entire  network,  which 
stretches  across  18  countries. 

“If  someone  turns  off  anti-virus  software 
on  their  desktop,  BigFix  turns  it  back  on.  If 
it’s  not  installed,  BigFix  installs  it,”  says 
Giambruno,  who  says  automating  pro¬ 
cesses  is  the  only  way  to  make  patch  man¬ 
agement  economical. 

Pitney  Bowes  categorizes  all  its  network 
assets  and  their  relevance  to  the  company 
Client  desktops  are  given  a  risk  profile  from 
1  to  5,  with  5  being  the  clients  that  must  be 
the  most  secure.  “Everything  we  report  on 
has  to  be  actionable,”  he  says.  For  instance, 
desktops  rated  a  5  must  be  patched  in  less 
than  24  hours. 

“Inventory  is  immensely  critical.  We  built 
a  network-detection  tool,  and  we  know 
everything  plugged  into  our  network. 
Network  creep  is  the  enemy  he  says. 

Pitney  Bowes  has  a  hierarchy  to  its  patch 
process  that  includes  global  and  regional 
patch  delivery  teams.The  global  team  con¬ 
sists  of  representatives  from  the  regional 
teams.  When  a  vulnerability  is  identified, 
Pitney  Bowes  assesses  the  potential  impact 
by  using  its  data  catalog  to  identify  vulner¬ 
able  systems,  where  they  are  and  what  they 
support.  After  the  assessment,  the  global 
team  or  a  regional  team  will  take  responsi¬ 
bility  for  the  patch,  depending  on  the  sys¬ 
tems  it  effects.  Then  the  process  of  testing, 
deployment  and  documenting  begins. 

“We  are  getting  really  good  at  this,” 
Giambruno  says.  He  says  the  worst  security 
incidents  have  taken  from  1,000  to  1,500 
man-hours  to  correct.  That  time  is  now 
down  to  75,  with  a  goal  of  ultimately  reduc¬ 
ing  it  to  20. 

He  says  success  comes  from  many  fronts 
but  includes  senior  management  accep¬ 
tance,  maturation  of  the  delivery  teams  and 
the  fact  that  people  have  bought  into  the 
philosophy. 

“Viruses  don’t  care  who  you  are. They  will 
infect  you  and  take  down  your  entire  net¬ 
work,"  Giambruno  says.  “You'll  make  some 
errors,  but  you  have  to  develop  some  pro¬ 
cesses.  Otherwise, you  can’t  afford  the  man¬ 
power  for  [patchingj.no  one can.”H 
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Register  for  new  Foundry  Networks  Enterprise  and 
Server  Load  Balancing  Free  Half-Day  Seminars,  details  at 

http://www.foundrynet.com/seminars/converge 


Buy  a  Fastlron  Edge  9604  Switch  and  receive  a 
$1,000*  instant  discount  plus  Free  Layer  3  Upgrade. 
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Your  competitive  edge 


Fastlron  Edge  Switches  let  you  do  more  with  less.  This  series  of  high-density  1  ayer 
2  3  sw  itches,  including  the  w  orld's  first  96-port  10/100  plus  4  Gigabit  uplink  switch,  delivers 
the  features  of  a  chassis-based  switch  in  a  form  factor  designed  for  environments  where  space 
is.  limited  and  reliability  is  key.  Featuring  hot-swappable,  redundant  power  supplies,  standards- 
Ixised  network  management,  a  common  user  interface,  and  the  time-proven  Iron  Ware1'1  soft¬ 
ware  suite,  these  switches  provide  a  powerful,  easy-to-use.  and  reliable  edge  solution.  Power  over 
Ethernet  and  flexible  access  control  features  make  these  switches  the  ideal  solution  for  network 
convergence.  Give  vour  network  a  competitive  edge — -get  a  Fastlron  Edge  Switch.  Call 
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Lock  down 
your  WLAN 


Take  these  nine 
steps,  then 
breathe  more 
easily. 

■  BY  JOHN  COX 


L _ J 


August,  engineers 
with  AirDefense,  a 
wireless  LAN  secur¬ 
ity  software  vendor, 
made  war  drives  in 
Atlanta,  Chicago  and  San  Francisco,  using 
scanners  to  find  WLAN  access  points 
around  downtown  office  buildings. 

The  drivers  discovered  more  than  1,100 
access  points.  Of  these,  57%  weren’t  using 
any  form  of  data  encryption,  although  most 
of  the  actual  data  traffic  in  Chicago  and  San 
Francisco  was  encrypted  by  other  means, 
such  as  via  VPN.  Three-quarters  of  the  ac¬ 
cess  points  were  broadcasting  their  Service 
Set  Identifier  (SSID),  which  is  like  hiding  in 
a  game  of  hide-and-seek  while  carrying  a 
boom  box  blaring  heavy  metal. 

The  WLAN  out  of  the  packing  boxes  is  in¬ 
herently  unsecure.  But  the  final  WLAN  secu¬ 
rity  system  you  create  will  hinge  on  what 
data  you  want  to  protect,  how  valuable  it  is 
and  the  level  of  risk  to  that  data.  Good 
WLAN  security  is  expensive:  in  time,  train¬ 
ing,  maintenance,  oversight  and  in  hard¬ 
ware  and  software  costs. 

The  following  recommendations  assume 
an  enterprise  WLAN  of  150  to  500  access 
points,  up  to  several  hundreds  of  users  and 
a  relatively  high  requirement  for  protection. 

■  Control  the  wireless  clients. 

Standardize  the  WLAN  network 
#  interface  cards  (NIC),  block  user 
access  to  them,  and  register  their  media  ac¬ 
cess  control  (MAC)  addresses. 


Create  and  enforce  procedures  and  poli¬ 
cies  for  promptly  updating  clients  with 
software  patches  and  security  updates, 
and  for  blocking  clients  running  out-of- 
date  software. 

Consider  disabling  NICs’  ad  hoc  or  peer- 
to-peer  mode,  which  lets  clients  connect  to 
each  other  without  an  access  point.  At¬ 
tackers  can  use  this  feature  to  lure  or  force 
clients  to  associate  with  a  rogue  WLAN. 


2. 


Treat  the  WLAN  as  you 
do  the  Internet  -  as 
untrusted. 

Put  a  firewall  between  the  WLAN  and  the 
wired  network.  This  barrier  blocks  unau¬ 
thenticated  WLAN  users  from  sending 
Layer  2  packets  on  to  the  wired  network,  for 
example,  as  part  of  an  Address  Resolution 
Protocol  (ARP)  attack.  A  successful  ARP 
assault  lets  the  attacker  route  traffic 
between  two  computers  on  your  network 
through  his  own  computer. 


3. 


Checklist 

Some  areas  of  concern  network  executives 
should  focus  on  when  securing  WLANs: 


VPN  concentrator 
£. 


Monitor  radio  traffic 


Protect  the  access  points. 

Conceal  access  points  behind 
ceiling  panels  or  in  closets,  and 
secure  them  to  prevent  tampering.  At  one 
universitysomeone  pulled  out  the  PC  Cards 
from  more  than  100  access  points  and  tried 
to  sell  them  on  eBay 

Hide  access  points  from  attackers  by 
changing  the  factory  default  settings  for  the 
SSID  or  IP  address  information,  creating  dif¬ 
ficult  passwords,  and  turning  off  SSID 
broadcasting. 

Turn  on  Access  Control 
Lists  for  use  with  client  MAC 
addresses. 

Select  access  points  that 
use  flash  memory  to  simplify 
future  upgrades  of  security 
patches  and  of  still-develop¬ 
ing  security  standards. 

Consider  buying  access 
points  that  let  you  create 
virtual  LANs  (VLAN) .VLANs 
let  you  group  users  and  give 
the  groups  access  to  differ¬ 
ent  network  resources. 
VLANs  also  let  you  separate 
management  traffic  from 
user  traffic. 


Secure,  control  devices 


Complement  VPN  with 
third-party  controller 
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of 


Prevent  radio 
waves  from 
“leaking"  out 

your  Site.  You  can 


“shape”  radio  waves  by  replacing  the  stan¬ 
dard  omni-directional  antenna  with  a 
directional  antenna,  especially  on  the 
edges  of  your  site. 

Another  technique  is  to  adjust  the  power 
levels  of  the  radios.  Using  less  power  means 
the  signal  doesn’t  reach  as  far. 


5 


Update  NICs  and  access 
points  with  WPA,  but  don't 
rely  solely  on  it 

Wi-R  Protected  Access  (WPA), an  early  re¬ 
lease  of  the  upcoming  IEEE  802.1  li  stan¬ 
dard,  fixes  a  number  of  problems  in  the 
original  802.11  encryption  scheme  called 
Wired  Equivalent  Privacy  (WEP). 

Among  other  things, WPA  supports  802.  lx, 
which  was  originally  created  as  an  IEEE 
standard  for  port-based  authentication  on 
wired  networks. 

But  WPA  still  uses  what’s  called  a  stream 
cipher  to  encrypt  wireless  traffic,  instead  of 
the  more  powerful  block  ciphers.  Block 
ciphers  are  used  in  Triple-DES  and,  espe¬ 
cially,  the  Advanced  Encryption  Standard 
(AES).  AES  will  be  part  of  the  802. 1  li  stan¬ 
dard  and  likely  will  require  new  WLAN 
hardware  that’s  been  revamped  to  handle 
the  additional  processing  load. 

Make  sure  the  cipher  scheme  that  you 
choose  encrypts  the  packet’s  payload. 
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Use  a  VPN.  vpns,  with  ip 
Security  (IPSec)  or  Secure  Sock¬ 
ets  Layer  (SSL)  encryption,  still 
are  widely  seen  as  the  best  protection, 
although  there  are  an  array  of  limitations: 
handling  only  IP  traffic  and  not  AppleTalk 
or  IPX  or  other  protocols,  installing  code  on 
client  devices  (for  IPSec  VPNs),  forcing 
users  to  reauthenticate  when  moving  be¬ 
tween  access  points,  bandwidth-intensive 
operation,  administrative  overhead,  and 
greater  complexity  as  the  size  of  the 
WLAN  grows. 

But  VPNs  are  well  understood  and  are 
often  already  part  of  the  enterprise  for  re¬ 
mote  access.They  create  secure, end-to-end 
encryption,  authentication  (often  via 
RADIUS  servers)  and  access  control. 

7  Complement  the  VPN  with  a 
third-party  wireless  secur- 
•  ity  controller. 

On  the  market  for  about  two  years,  secur¬ 
ity  gateways  solve  some  of  the  problems  of 
using  VPNs  for  WLANs.  Many  incorporate 
firewalls  and  VPN  termination,  support 


roaming  among  access  points  and  across 
subnet  boundaries,  and  centralize  security 
administration. 

Controllers  can  run  an  array  of  encryp¬ 
tion  and  authentication  schemes,  and  ven¬ 
dors  are  adding  in  the  emerging  standards 
such  as  802. lx  and  one  or  more  of  the  Ex¬ 
tensible  Authentication  Protocol  (EAP) 
methods  that  802. lx  can  support. 

A  range  of  these  security  features  are  also 
found  in  WLAN  “switches,”  devices  that 
combine  a  centralized  box  —  which 
applies  to  WLAN  traffic  the  management, 
control  and  provisioning  features  found  in 
wire-line  switches  —  with  companion, 
highly  simplified  wireless  access  points. 

Plan  for  802.1 x  authentica¬ 
tion.  VPNs  for  WLANs  will  be 
•  supplanted  by  the  gradual  im¬ 
plementation  of  802. lx  authentication  and 
the  other  elements  in  the  IEEE  802. 1 1  i  stan¬ 
dard,  such  as  better  encryption. 

But  some  early  adopters  of  802. lx  are 
running  into  problems:  overloading  the 
processing  power  of  the  access  points, 
complicated  troubleshooting,  and  lack  of 
802. lx  support  in  various  client  operating 
systems  and  NICs.  Their  experiences  sug¬ 
gest  that  802. lx  implementations  will  be 
gradual  as  vendors  work  out  the  kinks. 

Within  802.  lx,  there  are  many  EAP  meth¬ 
ods  from  which  to  choose.  For  all-Cisco  or 
all-Microsoft  shops, you  can  go  with  Pro¬ 
tected  EAP  (PEAP),  jointly  authored  by 
Cisco,  Microsoft  and  RSA  Security 

Methods  such  as  Microsoft’s  EAP- 


Utility, 

continued  from  page  43 

necessary  to  automate  any  system  to  sup¬ 
port  critical  applications. 

On  the  technical  side,  IT  executives 
should  start  by  documenting  the  steps  they 
take  today  to  ensure  IT  systems  are  avail¬ 
able  and  performing  as  expected, and  then 
export  that  information  into  a  workflow 
management  system.  One  caveat  is  that  the 
more  convoluted  a  company’s  IT  processes 
are  today,  the  more  difficult  it  will  be  to 
translate  those  manual  steps  into  automa¬ 
tion-ready  tasks,  Noel  says. 

Consider  services 

Service  providers  offer  an  alternative  way 
to  ease  into  utility  computing. 

HP  IBM  and  Sun  are  among  companies 
that  offer  such  services,  which  provide 
everything  from  core  server  and  storage 
capacity  to  specialized  business  applica¬ 
tions  delivery 

Uptake  for  utility  computing  is  on  the 
rise, according  to  Gartner.The  research  firm 
estimates  15%  of  corporations  will  adopt  a 
utility  computing  arrangement  this  year, 
and  the  market  for  utility  services  in  North 
America  will  increase  from  $8.6  billion  this 
year  to  more  than  $25  billion  in  2006.  By 
2006, 30%  of  companies  will  have  some 
sort  of  utility  computing  arrangement, 
Gartner  predicts. 

It  won’t  be  easy,  but  the  potential  payoff  is 
compelling.* 


Transport  Layer  Security  require  digital  cer¬ 
tificates  on  clients  and  servers,  and  the 
complexity  of  the  attendant  public-key 
infrastructure.  Others,  such  as  EAP- 
Tunneled  Transport  Layer  Security,  are 
designed  not  to  require  client  certificates, 
so  users  can  trigger  the  authentication  pro¬ 
cess  with  the  same  username/password 


they  use  to  access  the  wired  LAN. 

Stick  with  a  method  that  supports  mutual, 
or  two-way,  authentication,  to  prevent  man- 
in-the-middle  attacks. 

Monitor  the  network,  a  grow 

ing  number  of  analyzers  and 
•  monitors  let  you  examine  WLAN 
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radio  traffic,  discover  unauthorized  access 
points,  block  or  disconnect  clients  as 
needed,  and  detect  intruders.  Some  prod¬ 
ucts  are  Ethernet  sniffers  adapted  to  han¬ 
dle  WLAN  packets, others  are  specifically 
designed  for  WLANs.  Vendors  include  Air- 
Defense,  AirMagnet,  Finisar,  Network  Asso¬ 
ciates,  WildPackets  and  YellowJacket.  ■ 
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IP  Telephony  From  Dollar 
One  to  Dollars  Won 


COMPLIMENTARY  EVENT  FOR 
PROFESSIONALS  ONLY 


t's  magical.  The  moment  data,  voice  and  video  fully  integrate  across  your  network 
and  suddenly  the  benefits  become  real.  Employees  more  connected.  Information 
more  accessible.  Customers  more  satisfied.  Your  company  more  productive.  And 
■m  you  more  valuable.  Transforming  VoIP  and  IP  telephony  from  a  long-term  investment 


MODERATOR 

Johna  Till  Johnson 

INSIGHT,  EXPERTISE,  AND 

TECHNOLOGY 

►  benefits  gained  from  converged 
voice/data  networks 

►  advantages  of  voice  services  over 
wireless  networks 

►  techniques  for  creating  virtual 
private  networks 

►  strategies  for  integrating  new  voice 
technologies  with  legacy  nets 

WHO  WILL  BE  THERE? 

►  Johna  Till  Johnson,  President 
of  Nemertes  Research 

►  Sandra  Gittlen,  Events  Editor 
for  Network  World 

And  leading  executives  involved  in 

enterprise  voice  technologies 

►  network  managers 

►  telecommunications  managers 

►  call  center  managers 

►  senior  IT  executives 
(VP  and  CxO  level) 


This  event  is  limited  to  Network  and  IT 
professionals  involved  in  the  evaluation, 
purchase  and  implementation  of  VoIP  and 
IP  telephony  Network  World  Events  reserves 
the  right  to  determine  total  audience  and 
profile  of  complimentary  attendees.  Paid 
registration  is  also  available. 


and  into  an  immediate  and  productive  asset. 

It  begins  at  the  first  Network  World  Technology  Tour  event  of  2004  —  VoIP:  IP  telephony 
from  dollar  one  to  dollars  won.  An  information-rich  opportunity  for  anyone  involved  in  the 
deployment  and  management  of  enterprise  voice  technologies.  The  industry's  only  one-day 
seminar  on  IP  telephony  that  provides  both  strategic  vision  and  practical  applications. 

Register  now  and  you’ll  immediately  see  the  benefits  enterprisewide.  In  the  smile  of  a  new 
customer.  The  increase  in  your  sales.  In  the  countless  ways  you  can  turn  the  promise  of  VoIP 
and  IP  telephony  into  pure,  practical  power. 
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To  join  sponsors  of  this  premier  Network  World  Event,  please  contact  Andrea  D'Amato  at  1  -508-490-6520  or 
adamato@nww.com  for  free,  no-obligation  information. 
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speed-enhancing 
technologies  to, 
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tuned  environments  with  network  packets 
humming  along  at  a  disciplined  pace;  oth¬ 
ers  operate  at  a  halting  cadence  on  shared 
media  and  cabling  from  the  first  Bush 
Administration.  Whichever  camp  you’re  in, 
check  out  these  tips  from  corporate  IT  vet¬ 
erans  and  industry  experts  for  kicking  the 
network  up  a  notch: 

I  Go  jumbo.  Users  could  squeeze 
more  performance  out  of  their 
#  networks  with  jumbo  frames 
technology. 

Switches  and  network  interface  cards 
(NIC)  configured  to  support  jumbo 
frames  can  process  packets  larger  than 
the  IEEE-standard  size  of  1.5K  bits.  Some 
equipment  supports  packets  as  large  as  9K 
bits,  but  there  is  no  standard  packet  size 
for  jumbo  frames. 

“There  is  no  doubt  that  for  higher  band¬ 
width  Ethernet  [such  as  Gigabit  and  10G] 
that  jumbo  frames  can  be  more  efficient,” 
says  Jeffrey  Fritz,  the  director  of  enterprise 
network  services  at  the  University  of  Cali¬ 
fornia,  San  Francisco,  and  a  member  of 
Network  World’s  Global  Test  Alliance.“Now 
that  10  Gigabit  Ethernet  is  here  and  40 
Gigabit  Ethernet  is  on  the  horizon,  there 
seems  to  be  some  resurgence  of  interest.” 

Switch  vendors  with  gear  that  supports 
jumbo  frames  include  3Com,  Cisco, 
Extreme  Networks,  Force  10  Networks, 
Foundry  Networks,  HP  and  Nortel. 

The  trick  with  jumbo  frames  is  that 
switches  receiving  jumbo  frames  that  are 
not  set  up  to  do  so  will  drop  or  fragment 
the  data.  Often, switches  supporting  jumbo 
frames  must  be  from  the  same  vendor  as 
well.  Fritz  says  that  implementing  jumbo 
frames  should  be  limited  to  such  connec¬ 
tions  as  server-to-server  file  transfers  or 
back-up  jobs. 

Check  your  wiring.  Some¬ 
times  speeding  network  perfor- 
#  mance  is  as  simple  as  looking 
under  a  desk  or  into  a  conduit  in  a  drop 
ceiling. 

“There  are  lots  of  reasons  people  should 
reevaluate  their  cable  plant  and  determine 
whether  its  up  to  snuff,” says  Jim  Trulove.an 
Austin, Texas,  independent  network  consul¬ 
tant  and  the  author  of  the  books  LAN 
Wiring:  An  Illustrated  Guide  to  Network 
Cabling  and  Broadband  Networking. 

When  bad  cabling  or  connectors  are  the 
issue, “usually  it  will  result  in  packet  loss,” 
instead  of  links  going  completely  dead, 
Trulove  says. 

This  can  be  more  of  a  problem.  He  says 
putting  a  network  sniffer  on  a  link  and  dis¬ 
covering  an  unusual  amount  of  packet  re¬ 
transmissions  is  a  sign  there  could  be  a 
problem  with  the  cable. 

Environmental  factors  also  can  cause 
problems,  Trulove  says.  Wires  near  eleva¬ 
tors  or  heating  systems  —  which  can  emit 


electromagnetic  fields  —  can  cause  prob¬ 
lems.  Shielding  on  cable  exposed  to  the 
outdoors  or  in  unheated  conduits  can 
crack  and  affect  performance, Trulove  says, 
but  this  can  solved  by  installing  wire  con¬ 
duits  with  special  shielding.  He  also  rec¬ 
ommends  doing  an  audit  of  your  network 
cabling  and  upgrading  to  at  least  Category 
5e  or  6  on  all  connections. 

3  Turn  on  full  duplex  every¬ 
where.  Verifying  the  connec- 
#  tion  speeds  on  10/100M  or 
10/100/100M  bit/sec  links  is  another  step 
users  can  take  to  speed  up  their  LANs, 
especially  as  copper-based  Gigabit  is  used 
more  widely  on  desktops  and  servers. 

“It  doesn’t  matter  if  your  equipment  says 
it  has  autonegotiation  or  not;  you  should 
verify  the  speeds  on  all  links,”  says  David 
Newman,  president  of  Network  Test,  a  net¬ 
work  hardware  testing  and  consulting  firm, 
and  a  member  of  the  Network  World 
Global  Test  Alliance. 

NICs  on  PCs  are  notorious  for  having  the 
wrong  settings  because  end  users  acci¬ 
dentally,  or  deliberately,  change  a  PC  from 
full  duplex  to  half  in  software.  Sometimes 
switches  can  leave  the  factory  with  mis- 
configured  ports.  Most  switches  come  with 
management  tools  that  let  users  view  port 
status  across  all  connections  on  the  box, 
Newman  says. 

Monitoring  links  speeds  is  important  in 
finding  out  if  two  ports  have  mismatched 
duplex  settings.  Newman  recommends  a 
free  software  tool  called  Multi-routerTraffic 
Grapher  that  let  users  view  link  perfor¬ 
mance  and  determine  if  duplex  settings 
are  an  issue. 

Extend  Layer  3  switching  to 
the  wiring  closet  Another 
#  way  to  boost  LAN  performance 
is  to  install, or  turn  on.  Layer  3  switch  fea¬ 


tures  in  switches  connected  to  desktop 
machines. 

Instead  of  installing  a  full  router  in  the 
wiring  closet,  many  switches  offer  basic  IP 
routing  and  Layer  3-based  quality-of- 
service  features  on  LAN  edge  switches. 

With  Layer  3  features  at  the  LAN  edge, 
“you  don’t  have  to  send  every  bit  of  traffic 
to  the  big  router  in  the  sky  to  be  routed,” 
Trulove  says.  For  example,  if  two  nodes  are 
on  separate  virtual  LANs  but  plugged  into 
the  same  switch,  a  Layer  3  edge  switch  can 
route  traffic  between  the  two  nodes. 

Trulove  says  such  a  network  is  more  com¬ 
plex  than  a  flat  Layer  2  LAN  and  more  sus¬ 
ceptible  to  bugs. 

“A  corrupted  routing  table  is  not  some¬ 
thing  you  normally  have  to  worry  about  on 
a  hub,”  he  adds. 

Add  route  control.  Imple¬ 
ment  route  control  or  route  opti- 
#  mization  at  sites  that  have  more 
than  one  Internet  connection,  a  configura¬ 
tion  called  multi-homing.The  route-control 
equipment  sits  at  such  a  site  and  is  con¬ 
nected  to  the  network  as  a  Border  Gateway 
Protocol  (BGP)  peer.  BGP  is  the  router 
mechanism  that  determines  which  Inter¬ 
net  connection  to  use  based  on  the  one 
that  requires  the  fewest  router  hops  to 
reach  the  destination. 

But  factors  other  than  the  number  of 
hops  can  slow  things  down.  Route-control 
gear  also  can  determine  how  much  a  link 
costs  to  decide  the  best  route  based  on  a 
mix  of  performance  and  price,  something 
BGP  cannot  do. 

Larry  Pfeifer,  network  engineer  at  Wide- 
ner  University  in  Chester,  Pa.,  uses  Route- 
Science  Technologies  gear  to  divert  traffic 
to  the  best  performing  of  its  three  Internet 
access  lines:  one  from  Internet  2, one  from 
Yipes  Communications  and  one  from 
See  Oomph,  page  60 
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torage-area  networks  have 
helped  scores  of  organizations  more  easily 
allocate  and  manage  storage  resources, 
but  most  SAN  installations  are  dedicated 
to  servers  supporting  one  application.  To 
gain  more  value,  these  SAN  islands  need 
to  be  integrated.  But  what  is  the  best  way 
to  do  that? 

Because  SANs  weren’t  initially  designed 
to  work  together,  a  number  of  issues  come 
into  play,  from  performance  and  stability 
to  political  hurdles  concerning  who  has 
responsibility  for  what.  The  latter  can  be 
more  challenging  than  any  of  the  tech 
problems. 

What  follows  is  a  summary  of  lessons 
learned  from  network  executives  and  stor¬ 
age  experts  who  already  have  started  down 
the  path  of  integrating  SANs.  The  bottom 
line  is  that  while  technology  in  this  area  is 
still  maturing  and  standards  have  yet  to  be 
defined,  it  makes  sense  to  at  least  start  mov¬ 


ing  in  this  direction. 

“Companies  have  spontaneously  ac¬ 
quired  SAN  islands  to  serve  specific  appli¬ 
cations  or  departments,”  says  Tom 
Clark,  director  of  SAN  technology 
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Checklist 


Three  approaches  to  integrate  SAN  islands 

and  what  to  watch  for: 

•  Swap  out  multiple  smaller  fixed-port  switches  for  a 
large  director- 1  eve  I  switch. 

•  Shift  smaller  fixed  port  SAN  switches  to  the  edge  and 
tie  them  back  to  a  large  director-level  switch  at  the  core. 

•  Link  geographically 
distributed  SANs  via  Fibre 


Channel  over  IP  (FC/IP)  or 
the  Internet  Fibre  Channel 
Protocol  (IFCP). 
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FC/IP  or  IFCP 
remote  link 
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Director 
level  or 
fixed - 
port  SAN 
switch 


□  Watch  out  for 
queues  backing 

up.  Consider 
aggregating  ports 
via  trunking  so  a 
queue  can  be 
serviced  by 
multiple  ports, 
increasing 
throughput. 


Chasis- 
based 
director 
level  SAN 
switch  with 
64  or  more 
ports 
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Watch  out  for  Inter¬ 
switch  link  (ISL)  design. 

Each  ISL  hop  introduces 
latency,  and  the  general 
goal  is  to  limit  hop  count. 
ISLs  should  never  exceed 
two  hops. 


Fixed-port 
edge  SAN 
switches 


□  Watch  out  for  failure.  It’s 
best  to  use  redundant  links 
between  components  to 
ensure  fault  tolerance. 


V. 
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islands 


for  McData. “Shops  may  have  two,  four,  10 
or  100  SANs.  By  connecting  SAN  islands 
you  can  share  assets  like  tape  libraries, 
add  a  storage  array  to  provide  capacity  to 
different  applications  or  consolidate 
management.” 

First  steps 

Kent  Smith,  president  of  IPSO,  a  systems 
integrator  in  Wayland  Mass.,  says  the  first 
thing  you  need  to  do  is  establish  deploy¬ 
ment  standards. 

“Standards  for  the  hardware  you’re 
going  to  allow  to  be  used,  the  technol¬ 
ogy  you’re  using  to  interconnect  the 
SANs  —  whether  it’s  Fibre  Channel  or 
SCSI  or  iSCSI  or  whatever  —  and  stan¬ 
dards  for  the  software  layer  to  manage 
those  SANs,”  he  says. 

That  might  mean  scrapping  some  in¬ 
vestments  and  modifying  others,  but 
keep  in  mind  that  technology  is  moving 
in  the  direction  of  integration. 

“What  you’re  seeing  from  a  lot  of  ven¬ 
dors  is  hardware  that  makes  it  easier  to  in¬ 
tegrate  these  things,”  Smith  says.  “EMC, 
Brocade,  HPeverybody  is  trying  to  make  it 
easier  to  put  a  hardware  layer  in  between 
SANs  to  create  a  virtual  single  SAN  out  of 
independent  islands.” 

In  the  end,  SAN  islands  typically  are  inte¬ 
grated  in  three  ways,  experts  say: 

•  Consolidated  in  a  simple  core  fashion 
in  which  a  large  director-level  switch  —  a 
chassis-based  switch  with  64  or  more 
ports  and  built-in  redundancy  and  avail¬ 
ability  features  —  replaces  smaller  fixed- 
port  switches. 

•  Deployed  in  a  core-to-edge  strategy, 
where  larger  director-level  switches  at 
the  core  of  the  data  center  are  attached 
to  smaller  fixed-port  switches  at  the  net¬ 
work  edge. 

•  Linked  over  distances  with  Fibre  Chan¬ 
nel  over  IP  (FC/IP)  or  Internet  Fibre  Chan¬ 
nel  Protocol. 

What’s  most  appropriate  depends  on 
legacy  infrastructure  and  the  ultimate  goal 
of  the  project. 


On  the  cutting  edge 

When  United  Airlines  Loyalty  Services, 
the  wholly  owned  e-commerce  arm  of 
United  Airlines,  realized  it  was  time  to  take 
the  next  step  and  integrate  its  SAN  islands, 
it  didn’t  want  to  scrap  existing  investments 
so  went  with  a  core-to-edge  strategy 

Gary  Pilafas,  senior  storage/systems 
architect  started  with  three  SANs,  one 
based  on  Brocade  Silkworm  12000  direc¬ 
tor-level  switches  in  its  central  Elk  Grove, 
Ill.,  data  center  and  two  more  based  on 
six  Silkworm  2800  and  two  3800  switches 
several  miles  away  in  a  Schaumberg,  III., 
data  center. 

To  link  them,  Pilafas  installed  CNT  Ultra- 
Net  Edge  Routers,  which  convert  Fibre 
Channel  traffic  into  IP  for  transmission  over 
a  Gigabit  Ethernet  metropolitan-area  net¬ 
work  from  service  provider  Nacio  Systems. 
Besides  providing  core  connectivity,  the 
FC/IP  link  supports  replication  and  disas¬ 
ter  recovery. 

Pilafas  already  had  integrated  the  SAN 
fabrics  within  UAL  Loyalty  Services  when 
the  call  came  from  corporate  to  connect 
them  to  UAL’s  existing  SANs.  He’ll  again  use 
a  core-to-edge  strategy  to  do  that. 

“As  we  move  toward  integrating  with  UAL, 
we  want  to  establish  a  point  in  one  SAN 
where  we  put  our  director-level  switches,” 
he  says.“Then  we  will  consolidate  our  SAN 
islands  into  the  core.  Each  island  can  logi¬ 
cally  become  an  edge  SAN.  We  want  to 
have  a  common  fabric  across  all  of  UAL  to 
be  able  to  utilize  resources  that  are  not 
always  busy’ 

Like  UAL,  MasterCard  is  pursuing  a  core- 
to-edge  SAN  integration  approach, one  that 
it  hopes  will  save  money  in  the  long  run. 

MasterCard  initially  brought  in  SANs  to 
address  the  extensive  data  synchronization 
that  was  required  with  its  direct-attached 
storage  systems. 

“We  were  consolidating  from  individual 
servers  with  non-shareable  [storage]  re¬ 
sources  into  an  environment  of  larger  serv¬ 
ers  capable  of  supporting  multiple  appilca 

Scs  SAft,  page  60 
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continued  from  page  57 

tions”  all  backed  up  by  SANs,  says  Jerry 
McElhatton,  president  of  MasterCard’s 
Global  Technology  Operations  in 
O’Fallon,  Miss. 

While  the  SANs  “released  pockets  of 
underutilized  capacity  and  reduced  the 
need  to  have  redundant  copies  of  data 
and  the  associated  synchronization 
issues,” each  SAN  was  still  land-locked. 

“We  [now]  are  bridging  the  SAN  is¬ 
lands  with  a  common  set  of  platforms 
and  tools  to  allow  for  complete  cross¬ 
platform  sharing  and  accessibility” 
McElhatton  says. 

He  used  a  series  of  edge  switches  that 
feed  into  larger  director-level  switches  to 
give  servers  multiple  paths  to  storage. 

“This  final  phase  reduces  our  ports, 
cabling  and  switch  requirements,  and 
decreases  the  need  to  buy  additional 
disk  for  individual  servers,  all  of  which 
reduces  our  overall  costs,”  he  says. 

Possible  pitfalls 

As  with  any  technology  deployment, 
there  are  traps  you  need  to  watch  for. 
Case  in  point:  extending  a  SAN  with  too 
many  edge  and  director-level  switches. 

“You  have  to  be  concerned  with  inter¬ 
switch  links  [ISL]  so  you  don’t  create 
artificial  bottlenecks,” says  Randy  Kerns, 
an  analyst  with  Evaluator  Group.  An  ISL 
is  created  when  two  Fibre  Channel 
switches  are  tied  together  via  ports 
called  e-Ports.  Each  ISL,  or  hop,  intro¬ 
duces  latency,  and  the  general  goal  is  to 


limit  hop  count. 

“ISL  hops,  when  used  improperly,  can 
become  a  problem,”  says  Lee  Abraham- 
son, Solutions  Development  Manager  for 
CNT.  “The  Fibre  Channel  protocol  is 
about  how  a  server  finds  a  target.  If  you 
have  a  random  ISL  structure  with  ISLs 
going  every  which  way,  you  may  have 
created  ISLs  that  never  get  used  because 
the  [routing]  algorithm  is  based  on  hop 
count,”  Abrahamson  says.“For  instance,  if 
one  route  has  two  hops,  and  the  other 
has  three,  Fibre  Channel  will  never  select 
the  one  that  is  longer” 

Another  thing  to  watch  out  for  is 
queues  backing  up,  which  slows  data 
transfer.  McData’s  Clark  says  a  technique 
called  trunking  can  be  used  to  manipu¬ 
late  traffic  queues  and  manage  traffic 
across  integrated  SANs. 

“Instead  of  having  each  SAN  port  man¬ 
ipulate  a  queue,  which  can  get  backed 
up  and  overloaded  [with]  slowing  traf¬ 
fic,  a  customer  can  aggregate  the  ports 
via  trunking  and  move  the  queue  so  it 
can  be  serviced  by  multiple  ports. 
Throughput  is  increased  and  traffic  is 
load  balanced  across  those  ports.” 

United’s  Pilafas  uses  trunking  to  in¬ 
crease  access  to  his  storage. “We  trunk 
to  the  3800  and  then  with  the  2800s  we 
use  ISLs  to  get  to  the  core  of  the  SAN,” 
he  says.  “We  have  more  servers  con¬ 
nected  to  the  ISL  fabric  than  the  trunk 
fabric.  Our  total  environment  is  about 
600  ports.” 

Kerns  says  integrating  SAN  islands 
might  require  dealing  with  political 
problems  within  an  organization. 


Because  SANs  have  grown  indepen¬ 
dently,  they  often  are  segmented  by  polit¬ 
ical  and  departmental  boundaries. 
“When  you  centralize  SAN  islands  you 
do  it  to  see  dollar  savings,  but  you  have 
to  cross  political  domains.  You  have  the 
political  concern  you  have  to  deal  with 
first,”  he  says. 

Common  management  tools  some¬ 
times  can  help  mitigate  these  disputes. 
“You  want  to  make  sure  you  have  roles- 
based  administration  so  the  guy  who’s 
handling  the  topology  has  a  different 
view  of  the  SAN  from  the  guy  managing 
the  local  domain,”  Kerns  says.  “The  big 
decision  is  what  software  I’m  going  to 
use  to  manage  that  visibility 

Beside  management  and  politics, 
McData’s  Clark  says  the  biggest  concern 
with  SAN  integration  is  stability 

“The  problem  today  is  that  if  I  simply 
e-Fbrt  switches  together,  then  I  create  this 
large  Layer  2  fabric,  and  that  may  be 
problematic  in  a  number  of  ways,”  Clark 
says.“If  you  create  a  native  Fibre  Channel 
extended  fabric  with  two  or  more  SAN 
islands,  the  whole  fabric  becomes  sus¬ 
ceptible  to  fabric  reconfiguration,  to 
state  change  notification  broadcasts.” 

Fibre  Channel  switches  are  similar  to 
Layer  2  Ethernet  switches,  he  says.  They 
maintain  information  about  all  the  pos¬ 
sible  routes  between  devices.  When  a 
link  breaks,  a  fabric  reconfiguration  oc¬ 
curs  because  the  switches  must  re¬ 
evaluate  which  switch  is  the  primary 
switch  in  the  SAN,  what  its  unique 
address  is  and  the  addresses  of  the  de¬ 
vices  attached  to  it,  thus  disrupting  the 


SAN  traffic.  When  a  new  device  is  added 
or  removed  from  the  fabric,  a  state- 
change  notification  is  issued,  thus  slow¬ 
ing  traffic. 

Rich  Copple,  CTO  of  Community 
Health  in  Indianapolis,  decided  to  avoid 
integration  for  just  those  reasons. 

“We  created  three  SAN  islands  on  pur¬ 
pose  and  have  not  consolidated/inte¬ 
grated  any  he  says.  “We  had  a  specific 
purpose  for  keeping  our  fabrics  separate, 
which  is  redundancy  and  fault  toler¬ 
ance.  Our  design  eliminates  pushing  a 
bad  switch  configuration  to  a  domain 
that  includes  our  whole  environment 
and  possibly  impacting  ourTier-1  SAN.” 

What  has  to  be  considered  is  whether 
the  benefits  of  integrating  SANs  out¬ 
weigh  any  challenges,  IPSO’s  Smith  says. 
If  integrating  SANs  seems  to  be  the  best 
way  to  go, the  first  thing  to  do  is“establish 
standards  for  hardware  and  software,"  he 
says.  “Establish  your  benchmark  stan¬ 
dards  as  something  to  evolve  to.  That 
doesn’t  mean  you  have  to  immediately 
conform  to  those  standards, but  establish 
what  your  objective  standards  are.” 

Then  after  investigating  options  and 
putting  a  solid  plan  in  place,  “overesti¬ 
mate  the  amount  of  storage  you’re  going 
to  need,”  Smith  says.“You’ll  still  come  up 
short.  Data  expands  to  fill  the  space  avail¬ 
able.  The  more  space  you  make  available 
to  your  users  the  more  they  will  demand, 
which  brings  up  the  last  piece  of  advice: 
Have  a  reasonable  chargeback  policy  to 
limit  what  is  currently  unlimited  growth. 
Storage  has  to  cost  something.  It  has  to 
have  a  value  for  it  to  be  controllable.”  ■ 


Oomph, 

continued  from  page  56 

Southern  New  Jersey  Internet  Provider. 

He  says  the  gear  improves  perfor¬ 
mance  over  BGP-chosen  routes  to 
50,000  Internet  prefixes  by  an  average  of 
75.4%.  The  improvement  jumps  to  95% 
when  compared  to  the  performance 
change  of  the  bottom  20%  of  those  pre¬ 
fixes,  he  says.The  average  time  saved  is  2 
seconds, and  5.2  seconds  for  the  bottom 
20%,  he  says. 

Other  vendors  of  such  equipment  in¬ 
clude  netVmg,  Proficient  Networks  and 
Sockeye  Networks. 

6  Employ  packet  shaping. 

Packet  shapers  set  traffic  into 
•  queues  based  on  application 
with  the  idea  of  giving  key  applications 
or  delay-sensitive  programs  priority  over 
others.This  can  be  done  by  limiting  cer¬ 
tain  applications  to  a  certain  amount  of 
bandwidth  or  by  blocking  them  alto¬ 
gether.  The  devices  sit  in-line  with  traffic 
is  it  heads  toward  the  WAN  from  LAN 
lovxes,  and  companies  such  as  Net- 
k  -ality  and  Packeteer  make  traffic 
shapers. 

By  using  Packeteer  equipment  that 
gives  priority  to  a  Citrix  Systems-based 


medical  records  application  called 
MultiAccess, Western  Washington  Oncol¬ 
ogy  in  Olympia, Wash.,  was  able  to  elim¬ 
inate  most  end-user  help  calls. 

Five  offices  connect  to  each  other 
over  the  Internet  via  VPN,  but  each  has 
a  limited  amount  of  bandwidth,  a  T-l 
line  (1.54M  bit/sec),  connecting  it  to 
the  Internet.  According  to  Craig  Wyzik, 
IT  manager  for  the  healthcare  pro¬ 
vider,  he  set  Packeteer  gear  to  give 
MultiAccess  top  priority  followed  by 
laboratory  applications,  Web  browsing 
and  then  e-mails. 

Wyzik  says  that  before  installing 
Packeteer  equipment  a  year  ago,  most 
Citrix-related  complaints  could  be 
traced  to  large  e-mail  attachments,  soft¬ 
ware  downloads  or  file  share  hogging 
bandwidth.  Since  then,  the  source  of 
complaints  about  poor  performance  for 
MultiAccess  have  to  do  with  bugs  in  the 
software,  he  says. 

7  Apply  compression,  wan 

connections  generally  are  too 
#  small  to  pass  traffic  as  if  it 
were  on  the  LAN,  because  of  the  high 
price  of  long-distance  bandwidth.  But 
equipment  placed  at  each  site  con¬ 
nected  to  the  WAN  can  scan  the  traffic, 
replace  repetitive  patterns  with  shorter 


patterns  and  thereby  reduce  the  num¬ 
ber  of  bits  that  have  to  be  sent  across 
narrow  WAN  connections. This  gives  the 
effect  of  increasing  bandwidth.  Comp¬ 
anies  such  as  Expand  Networks  and 
Peribit  sell  this  type  of  equipment. 

The  results  can  be  dramatic.  For  in¬ 
stance,  optical  equipment  vendor 
Finisar  uses  Peribit  compression  gear  on 
links  to  four  other  company  sites,  one  as 
far  away  as  Malaysia,  says  Chip  Greel, 
Finisar’s  network  architect. 

Use  of  the  gear  cuts  the  volume  of  traf¬ 
fic  in  half,  letting  the  company  connect 
to  the  Malaysia  site  via  a  T-l  connection 
rather  than  paying  $6,000  per  month  for 
a  second  T-l, he  says.  Depending  on  the 
traffic  mix  at  the  moment,  sometimes 
traffic  is  reduced  by  as  much  as  70%, 
Greel  says. 

Without  Peribit  devices,  boosting  per¬ 
formance  at  other  sites  would  require 
more  bandwidth  at  additional  monthly 
costs,  he  says. 

Add  zip  to  SSL.  Redline 

Networks’  acceleration  appli- 
#  ances  speed  up  Internet 
Secure  Sockets  Layer  transactions  by 
reducing  the  number  of  bits  it  takes  to 
transmit  Web  pages  by  50%  to  70%  using 
compression  and  editing  out  data  not 


needed  for  the  requesting  machine  to 
build  the  page. 

It  also  cuts  the  number  of  TCP  requests 
application  servers  have  to  handle. 
Getting  swamped  by  such  requests  can 
slow  transaction  times  on  busy  servers  to 
a  crawl.  Redline  appliances  create  TCP 
sessions  to  the  servers  but  then  multiplex 
requests  from  many  requesting 
machines  across  a  single  TCP  session. 

Redline’s  equipment  has  saved  Chart- 
One  Medical  in  San  Jose,  from  buying 
more  Sun  servers  to  handle  access  to  its 
Web-based  ReopleSoft  financial  applica¬ 
tion,  says  Henry  Svendblad,  ChartOne's 
director  of  IT.  The  site  handles  more  than 
300, 000  transactions  per  day  CPU  use 
dropped  from  80%  to  90%  down  to 
between  2%  and  10%.  He  also  has  been 
able  to  drop  the  use  of  terminal  servers 
ChartOne  had  used  a  way  to  enable 
access  to  PeopleSoft  over  low  bandwidth 
connections.  ■ 

More  online! 

Stay  on  top  of  the  latest 
news  and  advice  on  get¬ 
ting  the  most  out  of  your 
LAN. 
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B-1500 


The  GB-1 500  Firewall/VPN  Appliance  offers  hardware 
VPN  acceleration  for  corporate  offices  demanding 
high  performance  connectivity. 

•  Unrestricted  concurrent  outbound  users 

•  Four  1 0/1 00  Ethernet  interfaces 

•  Hardware  VPN  acceleration 

•  Options:  Surf  Sentinel  content  filtering  &  ^A-High  Availability 

•  ICSA  4.0  Corporate  certified  GNAT  Box  System  Software 

Powerful  firewall  for  demanding  networks! 

One  of  five  new  firewall  appliances  in  the  GTA  Firewall  Family. 
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Products 
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Cyclades  data  center  management  solutions  offers  a  full  range 
of  security  features  across  its  entire  product  line  of  console  servers, 
power  management,  KVM,  biometric  scanner  and  network  management. 
With  SSH  v2,  IP  Filtering,  strong  authentication,  event  logging  and 
data  logging,  Cyclades  can  make  your  network  into  a  secure 
heavyweight  contender  in  the  data  center  world. 
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www.cyclades.com/nw 

1.888.cyclades  •  sales@cyclades.com 
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Custom  Management  Levels 


Test-drive  the  new  Observer  9.0  today  and  see  how  it  immediately 
finds  problems  you  didn’t  know  you  had,  optimizes  network  traffic 
and  provides  insight  for  future  planning.  Call  800-526-7919  for 
a  full  featured  evaluation  or  visit  our  website  at 

www.networkinstruments.com/nine 


OBSERVER 

•  Decode  over  500  protocols 

•  Long-term  network  trending  &  analysis 

•  Real-time  statistics 


Remote  &  Hardware  Options 


REMOTE  NETWORKING  PROBES 

•  Fully  distributed 

•  Monitor  up  to  64  NICs  simultaneously 

•  New  levels  of  problem  solving  collaboration 


EXPERT  OBSERVER 

•  What-lf  Modeling  Analysis 

•  Expert  Analysis 

•  Connection  Dynamics 


Introducing  Observer  9.0 


GIGABIT  &  WAN  HARDWARE  OPTIONS 

•  Portable  analyzer  systems 

•  Rack-mount  Probes  ready  to  go 

•  Direct,  passive  link  for  independent  views 


New  Application  Analysis 

Remote  probes  now  provide  multi-interface  and 

multi-session  support 

Industry-first  4GB  packet  capture  buffer 

Wireless  Site  Survey  Modes 

Nanosecond  resolution 

Now  over  450  Expert  Events 

SNMP,  RMON  and  now  HCRMON  support 


OBSERVER  SUITE 

•  Complete  SNMP  device  management 

•  Supports  full  RM0N1,  RM0N2,  HCRMON 

•  Web  Publishing  Reports 
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CrystalView™ 

CAT 5  KVM  EXTENDER 

♦  Extends  your  KVM  station  up  to 
1000'  from  your  computer 

♦  Supports  PC,  Sun,  or  USB, 
optional  Audio/Serial 

♦  Single  or  dual  (dual  supports 
second  KVM  station) 
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CrystalView™  Mini 
CAT 5 KVM  EXTENDER 

♦  Extends  KVM  station  up  to  150 
feet  away 

♦  optional  serial/audio 

♦  Single  or  dual  (dual  supports 
second  KVM  station) 
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UltraLink™ 
REMOTE  KVM  ACCESS  OVER  IP 

Connect  to  remote  computer  over  Ethernet  or  dial-up 
Single,  dual,  quad  models 

Local  KVM  port  to  access  computers  at  UltraLink  unit 
»  Modem  port  with  dial-back  security 

Up  to  1 280x1 024  resolution,  supports  all  platforms 

Easy  to  install,  give  it  an  IP  address  and  run  the 
remote  client,  no  licensing  required 

Scaling  of  computer  image  reduces  amount  of  data 
sent  and  permits  fast  screen  updates  over  slow  links 

Quad  screen  mode  allows  you  to  see  four  servers 
from  one  screen 

SSL  security  and  passwords  prevents  unauthorized 
access 


ELECTRONICS 


♦  Up  to  1280x1024  resolution 


♦  Up  to  1 600  xl  200  resolution 

♦  Available  as  standalone,  rack 
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CrystalView™  Pro 

DIGITAL  KVM  EXTENDER 

OVER  FIBER  OR  GAT  5 

♦  Extends  KVM  signals  up  to  33,000 
feet  away 

♦  Uses  only  two  fibers  or  single  Cat  5 

♦  Supports  DVI/VGA,  PC,  Sun,  USB, 
optional  Audio/Serial 

♦  Single  or  dual  (dual  supports 
second  KVM  station) 

♦  Up  to  1 600x1200  resolution 


CrystalView™  Rack 
CAT 5  KVM  EXTENDER 

♦  Extends  the  distance  from  6  or  1 2 
PC's  up  to  1000  feet  away 

♦  optional  serial/audio 

♦  Single  or  dual  (dual  supports 
second  KVM  station) 

♦  Up  to  1 600x1200  resolution 
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Yes,  you  can  Switch 
Power  over  the  Internal... 


W^u 


www.  wti.  com 


(800)  854-7226 


Servers,  routers,  and  other  electronic  equipment  sometimes 
“lock-up,”  often  requiring  a  service  call  to  a  remote  site  just  to  flip 
the  power  switch  to  perform  a  simple  reboot... 

The  NBB  “Mini”  Boot  Bar  Power  Switch,  gives  you  the  ability  to 
perform  this  function  from  anywhere! 

■  Web  Browser  Access  for  Easy  Operation 

■  Telnet  and  Serial  Access 

■  Encrypted  Password  Security 

■  Five  Individual  Outlets 

■  Power-up  Sequencing 

■  On  /  Off  /  Reboot  Switching 

■  Versatile  Zero  U  Mounting 
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NETWORK  BOOT  BAR 

LOCATION:  NBB  Live  Demo  Unit 

SWITCH  PANEL 

Firmware  Version:  1.01 
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Switches 


Step  into  the  future  of  networking  with  ZyXEL's  line  of  Gigabit  switches.  With  data  transfer  rates  of  up  to  10 
times  faster  than  traditional  10/100  Mbps  switches  and  great  affordability,  ZyXEL’s  Gigabit  switches  are 
perfect  for  demanding  enterprise  class  businesses  while  remaining  well-priced  enough  for  small  and  medium 

business  applications. 


ZyXEL 
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■  Secure  Shell  (SSHv2)  Encryption 

■  Simultaneous  SSH  or  Telnet 


(800)  854*7226  •  www.wti.com 


SSH  if  Out-Band  Access  to 
Consoles  at  Remote  Locations 


■  Non-Connect  Port  Buffering 

■  SYSLOG  Reporting 

■  SNMP  Capability 

■  Any-to-Any  Port  Switching 

■  IP  Security  Features 

■  10/100  Base-T  Ethernet  Port 

■  Port-specific  Password  Protection 

■  Data  Rate  Conversion 

■  1 1 5/230VAC  or  -48VDC  Models 

The  SCM-16  Secure  Console  Management  Switch  provides  in-band  and 
out-of-band  access  to  RS232  console  ports  and  maintenance  ports  on  UNIX 
servers,  routers  and  any  other  network  elements  which  have  a  serial  console 
or  craft  port.  System  administrators  can  access  serial  maintenance  ports 
over  the  network  via  SSH  connections  and  simple  menu-driven  commands, 
or  through  a  discrete  TCP  port  connection  mapped  directly  to  one  of  the 
SCM-16  serial  outputs. 


Visit  website  for  complete  NetReach™  product  line. 


BE  NOTIFIED  BEFORE  CRITICAL  EVENTS  TURN  INTO  DISASTER! 


•  Eight  environment  inputs 

•  Power  sensing 

•  Monitors  64  IP  addresses 

•  Send  alerts  to  64  people 

•  8  methods  of  contact 

•  Calendar  scheduling 

•  Expands  to  256  sensors 

•  Remote  power  control 

•  Optional  camera 


The  Sensaphone  IMS-4000  Infrastructure 
Monitoring  System  monitors  critical  environ¬ 
mental  and  network  elements  in  your  server 
room,  data  center,  or  telecomm  installation  and 
reports  to  you  instantly  when  events  threaten 
your  infrastructure.  The  IMS-4000  keeps  watch 
so  you  don't  have  to.  See  these  features  and 
more  on  the  web  at  www.ims-4000.com 
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0U  WANT  COMPLETE  VISIBILITY. 


MAKE  IT  HAPPE1 


Remote  Monitoring  Solutions 

RM0N  and  HCRM0N  Probes 

You  want  remote  monitoring  solutions  for  visibility  into  every  part  of  your  network.  With 
RMON  and  HCRM0N  Probes  from  Network  Instruments,  it’s  easy.  Convert  any  PC  into  a 
complete  remote  network  monitoring  data  collection  device.  Use  the  RMON  appliance  Vv. / 

(available  in  1 U  and  4U  systems)  for  a  full  turn-key  solution.  Call  800-526-7919  for  more 
information  or  visit  our  website  at  www.networkinstruments.com/RMON. 
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One  Network  ^  Complete  Control 

Wired  to  Wireless  •  LAN  to  WAN  ■  / 


Full  compliance  with  RM0N1 ,  RM0N2  and  HCRMON 
High  capacity  RMON  Probes  provide  full-duplex  Gigabit 
capture  compatible  with  any  RMON  management  console  or 
collection  facility  (Observer,  OpenView,  Concord', 
NetScout",  Micromuse"1) 

Complete,  industry  standard,  software-based  probes  for 
Windows  2000/XP 

Software  based,  non-dedicated  data  collection 
Compatible  with  Network  Instruments’  optimized  ErrorTrak'11 
NOIS  drivers,  which  display  true  errors-by-station. 
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True  Zero  U  Power 
Management  Over  IP 
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jo/ioo  BaseT  Ethernet 

IP  for  HTML.  SNMP  8 
Telnet  Management 


RS-232 
Serial  Management 


Link  Port 
(daisy  chains  to) 

Expansion  Module 


Power  Tower  XL 

•  Outlet  Grouping  across 
power  circuits 

•  input  Current  Monitor 

•  New  HTML  GUI 

•  Power-up  Sequencing 

•  Zero  If  vertical  and  Rack- 
mount  horizontal  models 

•  Add  a  second  Power  Tower 
■  to  manage  32  power-ports 

r  ;f  Sentry  Power  Tower. 

*  Equipment  Cabinet  Solutions. 
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Server  Technology,  Inc. 


1040  Sandhill  Drive  Reno,  Nevada  89511  USA 
www.servertech.com  toll  free:  1.800.835.1515 


Overnight  Deliver 
Fully  Warranty 
40%-90%  off  List  Pi 
Free  Tech  Suppo 


mimziKamib 


We  Buy  New/Used 

CISCO 


714-818-2953 

Call  us  today  to  recover 
your  assets 

You  got  the  gear,  ^ 
we  got  the  cash! 


^  Attention  Resellers! 


SECUREMATICS 

The  Right  decision  for  Security  Products 

Best  Source  for  SONKWALL 
Security  Products! 

•  Inventory  on  hand 

•  Aggressive  prices 

•  Added  margins  with  training 

•  Pre  sales-Post  sales  support 

Securematics  is  a  SonicWALL  Authorized  Distributor 
And  Authorized  Training  Partner. 


To  sign  up  tor  the  MedaHon  Partner  Program,  please  contact  us. 


Call  -  888-746-6700  sales@securematics.com  www.securematics.com 


Tel:  408.727.1122 
Fax:  408.727.8002 

3-43  1  OE  LA  CRUZ  BLVD. 
WWW.RECURRENT.COM 


HI 
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technologies.  ine. 

SANTA  CLARA.  CA  95054 
INFO@RECURRENT.COM 


non  OPTIC  SOLUTIONS 


•  Tl/El  &  T3/E3  Modems 

•  RS  232/422/485  Modems  and 
Multiplexers 

•  IBM  3270  Coax,  AS400  Twinax,  and 
RS6000  Modems  and  Multiplexers 

•  LAN  -  Arcnet/Ethernet/Token  Ring 

•  Video/Audio/Hubs/Repeaters 

•  ISO  9001 


S.I.TECH 

loll  Free  866  SITech  1 


630T61  3640,  Fax  630-761  3644 
www.silefh-bildriyer.tom  or  wwwsitefhfiber.com 
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dtSearch- 


dtSearch* 


Instantly  Search 


dtSearclr 


'Industrial-strength.. 
SUperb"-PC  Magazine 


♦  Search  across  networks,  intranets,  and  web  sites 

♦  Publish  large  document  collections  to  web  or  CD/DVD 

♦  over  two  dozen  indexed,  unindexed,  fielded  and  full-text  search  options 

♦  highlights  hits  in  HTML  and  PDF  while  displaying  embedded  links 


Oi/I  VWlJw 

-*  "Industrial-strength 
I  superb"-PC  Magazi^ 


dtSearch! 


formatting  and  mm 

♦  converts  other  file  types— word  processor,  database,  spreadsheet,  email 
ZIP,  XML,  Unicode,  etc.— to  HTML  for  display  with  highlighted  hits 

♦  developer  products  have  easy  wizard-based  setup;  optional  API 


dtSearch! 


Searches  at  blazing  speeds”  -Computer  Reseller  News  Test  Center 


'Industrial-strength.. 
superb"-pc  Magazine 


Very  powerful ...  a  staggering  number  of  ways  to  search 
-Windows  Magazine 


dtSearch! 


Ofez® 


Intuitive  and  austere  ...  a  superb  search  tool 


PC  World 


Industrial-strength., 
superb”— PC  Magazine 


dtSearch  “covers  all  data  sources ...  powerful 
Web-based  engines”  -eWEEK 


dtSearch! 


Blindingly  fast”  -Computer  Forensics:  Incident  Response  Essentials 


A  powerful  text  mining  engine  ...  effective  because  of  the  level 
of  intelligence  it  displays”  -PC  Al 


'Industrial-strength... 
superb"-pc  Magazine 


In  the  past  year  alone,  over  half  of  the  current  Fortune  10 
have  purchased  developer  or  network  licenses. 


'Industrial-strength.. 
superb"-pc  Magazine 


See  www.dtsearch.com  for : 

♦  developer  case  studies 

♦  fully-functional  evaluations 


1  -800-IT-FINDS 

sales@dtsearch.com 


Web 


yith  Desktop, 
Network  ana 


Network  Resource  Solutions,  Inc. 


USED 


NORTEL 

NETWORKS 

Cisco  Systems 
KJyfllper. 


BUY  &  SELL 


800-503-1350 

SALES@NETWORKRS.COM 

www.usednortelnetworks.com 


iruMi 


See  the  entire  Generation 
3.0  collection  at: 

BRETTS 

Luggage 
Leather  goods 
Gifts 
Pens 
Clocks 
Lighters 
Games 


Systems/Feotures/Memory 


CBlC's/Cables/Parts 

Also  Available:  Extreme,  Adtran 

In  Stock  •  Fast  Delivery  •  No  Expedite  Charges 


COMSTAR,  INC. 

me  #-/  Network  Remarketer 


Fax  952*835*1927  www.comstarinc.com 


CISCO  NORTEL 


Nortel  Baystack 
450-24T  Switch  Rag.  S695 


Cisco 

WS-C1S24C-EN  Reg.  $350 


Nortel  Baystack 
310-24T  Switch  Reg.  $295 


Cisco  2501  Reg. 


Fax  Equipment  List 
To  801-377-0078 

CARTEL 

NETWORKS 

Bay  Networks^ 

gjjgj  jpm 

caaetRon 

_ snremi 


NEW  • 


/  BUY  •  SELL 


888-8LANWAN  gA°.; 

Call  for  Free  Quote!  (888-852-6926)  www.nle.com 


Contact  these  companies  today  to  help  you  with  your  training  needs! 


IPexpert,  Inc. 

(866)  225-8064 
|  www.ipexpert.net 
CCIE  (R&S,  SEC,  and  C&S),  CCSP, 
GCNP,  CCNA,  IP  TELEPHONY 


I  Transcender 

(615)  726-8779 
I  www.transcender.com 
Award-winning  practice  exams 
for  IT  certification 


Learnkey,  Inc. 

(800)  865-0165 
|  www.leamkey.com 
Self-paced  online  CD  network 
I  certification  developer  bus/apps 


I CBT  Nuggets 

(888)  507-6283  &  (541)  284-5522 
www.cbtnuggets.com 
Affordable  training  videos  on  CD. 

MCSE,  MCDDA,  MCSD,  CCNA,  Citrix.  Linux,  A+,  Net+  g 
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Software  Engineers-Multiple 
Positions:  wanted  by  an  IT  con¬ 
sulting  firm  in  Keene,  NH  to  work 
at  various  client  locations 
throughout  USA.  Respond  to 
HRO,  Infowave  Systems,  39 
Centra!  Square,  Suite  #201  A, 
Keene.  NH-  03431.  For  all  these 
positions.  Two  years  plus  pro¬ 
gressive  hands  on  experience  in 
software  design  and  develop¬ 
ment  with  a  Bachelors  Degree  is 
required. 

SAP  ERP.  Exp.  in  SAP  ERP 
modules  such  as  SD.  MM, 
FI/CO.  BW  and  RDBMS.  Testing 
and  Internet  Technologies. 
Oracle  Data  Warehouse:  Exp.  in 
enterprise  data  warehouse 
applications  on  Oracle.  UNIX, 
using  PL/SQL,  ETL  Informatics, 
Bl  Business  Objects.  Database 
tuning,  shell  scripts.  Oracle 
Applications  ll.x/IO.x. 

Microsoft  and  ERP:  Experience 
in  enterprise  and  web  applica¬ 
tions  using  Erwin,  ASP,  ERP 
GEAC  &  Great  Plains,  RDBMS, 
and  scripting  languages  on  Net 
Frame  work. 

Java:  Experience  in  enterprise 
and  web  applications  using 
Java-J2EE  tools,  XML  suite, 
Middle-tier,  Rational  Rose,  UML, 
Used  Cases,  BPMS  etc.  on 
UNIX.  And  Database  program¬ 
ming  on  any  RDBMS  and  script¬ 
ing  languages. 

MF  Data  warehouse:  Exper¬ 
ience  in  Enterprise  Data  ware¬ 
housing  applications  on  IBM 
Main  Frame  Environment,  per¬ 
form  Data  mining  and  ETL 
Process.  Develop  reporting 
using  Bl  tools  Business  Objects. 
Data  Warehouse  and  RETEK: 
Experience  in  scalable 
Enterprise  Data  Warehouse 
applications  using  DSS  tools 
such  as  Microstrategy  Suite. 
RETEK  RMS  and  RDW,  any 
RDBMS,  ETL  Processes,  EDI, 
database  programming  and 
scripting  languages. 


Information  Scientist 

(Pharmaceuticals).  RTP,  North 
Carolina.  Guide  and  review  pre- 
clinical  business  systems 
Requirements  and  Design 
against  company  standards, 
tools  and  established  architec¬ 
tures  for  large  pharmaceuticals 
R&D  company.  Supervise  tech¬ 
nical  implementation,  establish 
best  practices  and  lead  transi¬ 
tion  from  project  to  support. 
Lead  Design  and  Development 
Team  to  produce  optimum  sys¬ 
tems  for  pharmaceutical  opera¬ 
tions  Develop  evaluation  crite¬ 
ria,  research  products  and  pro¬ 
duce  evaluations  of  package 
solutions  based  on  user  needs 
in  pharmaceuticals  setting 
Define  technology  principles  and 
direction  for  projects  in  conjunc¬ 
tion  with  Information  Architects. 
Specify  development  tool  sets, 
plan  and  estimate  technical 
aspects  of  projects  and  specify 
design  alternatives.  Act  as  tech¬ 
nical  authority  for  the  project. 
Ensure  quality  and  regulatory 
standards  are  met.  Serve  as 
point  of  contact  for  suppliers  and 
company  groups  on  technical 
matters.  Req.:  Bachelor's 
degree  in  Computer  Information 
Science  2  years  of  experience 
in  job  offered  or  in  IT  System 
Development.  Following  experi¬ 
ence,  which  may  have  been 
obtained  concurrently:  working 
knowledge,  through  academic 
coursowork  or  experience,  of 
VB,  C++,  HTML,  XML,  IIS/ASP, 
SQL  Server.  Oracle,  Visual 
Interdev  Developer  2000,  Visual 
Basic  6  0  with  OLE  controls,  and 
CASE  tools:  1  year  of  experi¬ 
ence  designing  system  solutions 
for  large,  complex  R&D  organi¬ 
zation,  tncl.  hands-on  experi¬ 
ence  performing,  leading  and 
managing  technical  aspects  of 
the  system  development  life 
cycle:  2  years  of  experience  in 
pharmaceutical  industry. 
Resume  Mr  William  Kelley, 
GSK,  One  Franklin  Plaza. 
Philadelphia,  PA  19102. 


a)  Certified  Senior  Business 

Analysts  (ERP/CRM):  Oracle 
Apps.  11.03/11i,  PeopleSoft  8  0 
&  related  tech.:  (bl  Adds  DBAs: 

Oracle  RDBMS  7,x/9i,  Oracle 
Apps.  &  related  tools  upgrade  & 
migration,  ERWIN.  SQL  Server 
RDBMS/2000/7.0  and  related 
tech,  on  Solaris  &  various  other 
Dlatforms;  let  Certified  Oracle 

Adds  Proorammer  Analysts 

(ERP/CRM):  Oracle  Adds 

1 1 .03/1 1  i  (modules  -  GL.  AP,  AR, 
FA,  PO,  INV,  OE/OM,  WIP, 
BOM,  Discrete  &  Process  Mfg., 
HRMS,  Service)  -  Customize 
Oracle  Apps  using  Oracle 
Developer  6i/J  Developer  and 
related  tech,  for  service  mod¬ 
ules:  (d)  Senior  Proorammer/ 

Analyst:  Oracle  PL/SQL.  Oracle 
9i,  9iAS  &  related  tech.;  (e) 
Siebel  CRM/Oracle  CRM 

Confiauration  Proorammer/ 

Analysts:  Siebel  suite  incl.  & 
Oracle  CRM  31/11i  (Sales, 
Service  &  Transportation  mod¬ 
ules)  &  related  tech.:  (f)  Senior 
DBAs:  Svbase  12.5  &  related 
tech.,  Oracle  database  7.x/9i  & 
related  tech.:  fa)  Senior  OA 

Enoineers:  Performance  &  Load 
testing  in  Oracle  1 1  i  and  related 
tech.  Experience  testing  on 
Oracle  Processes  such  as  Order 
to  Cash,  Procure  to  pay  etc. 
Experience  with  Mercury  tools  & 
rel.  tech.:  (h)  Dataware  House 

Proorammer/Analvsts:  Oracle 

Dataware  Housing,  ETL  Tech.  - 
Cognos  7.x  &  related  tech,  suite 
of  Products  Finance,  Informatica 
6.2,  etc..  Data  Stage,  Abinition  & 
rel.  tech,  fi)  Software  Proara- 

mmer/Analvsts:  M.S.Net.  C#. 

C++,  VB,  J2EE,  Java  Strats, 
Documentum,  MS  Windows 
Administration  &  related  tech. 
Prevailing  wage.  Consulting 
positions  requiring  travel.  To 
apply,  send  resume  identifying 
position(s)  interested  to  HR, 
BPO  Systems,  501  Silverside 
Road,  Suite  83,  Wilmington,  DE 
19809.  EOE. 

Software  Test  Engineer: 
Proprietary  trading  firm,  dsgn  & 
execute  tests  for  electronic  trad¬ 
ing  systems  on  UNIX  & 
Windows  platforms.  Deliver 
strategic  applications  to  co's 
traders  &  customers;  learn  appli¬ 
cation  &  provide  feedback  to 
development  team  &  support 
users;  bug  reports  &  risk 
assessments  for  new  applica¬ 
tions,  releases  &  patches;  soft¬ 
ware  rollout  &  production  sup¬ 
port.  Req's:  Bachelor's  Deg,  or 
equiv,  in  Comp  Eng,  Comp  Sci 
or  related  field.  3  yrs  exp  in  job 
offered  or  3  yrs  exp  as  Systems 
Analyst/Consultant.  Exp  must 
include  real-time  client/server 
systems.  Oracle  or  other  rela¬ 
tional  database,  software  instal¬ 
lation,  system  testing,  produc¬ 
tion  verification  testing,  cus¬ 
tomer  certification  testing,  per¬ 
formance  testing  &  GUI  testing. 
Exp  can  be  gained  while  pursu¬ 
ing  deg.  Prof  in  Solaris,  UNIX, 
Windows  NT  &  Scripts. 
40hrs/wk.  email  resume  to 
recruiting@sig.com  reference 
code  2394 


Lead  Programmer  Analyst, 
Columbus,  GA.  Produce  and 
deliver  fully-tested  computer 
programs  from  business  require¬ 
ments  and/or  program  specifica¬ 
tions  on  time  and  according  to 
specifications  for  a  credit  card 
systems  and  processing  compa¬ 
ny. 

Competitive  Salary  Must  have 
Bachelor's  degree  or  equivalent 
in  Computer  Science  or 
Engineering  +  (5)  years  of  pro¬ 
fessional  experience  program¬ 
ming  in  a  mainframe  environ¬ 
ment  w/  COBOL,  DB2,  IMS.  & 
TSO  including  (6)  months  of 
TS2  &  TSYS  Government 
Services  platform  Must  have 
legal  authority  to  work  in  the 
U  S.  Please  send  resume 
demonstrating  all  minimum 
requirements  to:  Kerri 

Alexander.  1600  1st  Ave, 
Columbus,  GA,  31907;  Ref  # 
LPAGPU 


SENIOR  SYSTEMS 
INTEGRATION  ENGINEER 

Witness  Systems,  Inc.,  a 
Developer  of  Client/Server 
Monitoring  Software,  seeks  a 
qualified  Senior  Systems 
Integration  Engineer  for 
Bloomington,  IL  location.  Must 
have  a  Bachelor's  degree  or  for¬ 
eign  degree  equivalent  in 
Electrical  Engineering,  Comp¬ 
uter  Engineering,  or  related  field 
plus  2  years  of  experience  in  the 
position  offered  or  2  years  of 
experience  in  operating  systems 
administration,  database  admin¬ 
istration,  and  programming 
Salary  and  benefits  commensu¬ 
rate  with  experience.  Send 
resume  to:  Sheri  Mattison, 
Employment  Manager.  Witness 
Systems,  Inc.  300  Colonial 
Center  Parkway,  Roswell,  GA 
30076. 


Software  Engineer  sought  by 
Blackwood,  NJ-based  virtual 
marketplace  for  used  semicon¬ 
ductor  equipment.  Must  have 
Bach  in  Comp  Sci.,  Engg  or 
equiv  and  one  yr  relevant  exp  in 
Lotus  Notes,  Domino  5. 0/6.0, 
Java.  Javascript.  LotusScript, 
DHTML,  XML.  LS:DO.  Domino 
Workflow,  Visual  Basic  and 
ActiveX,  Web/Intranet  site 
design/development.  Must  be  a 
CLP  (Certified  Lotus  Pro¬ 
fessional).  Must  have  ability  to 
interface  with  Asian  customers 
and  have  understanding  of  Asian 
business  protocol.  Respond  to: 
HR  Dept,  GCEMARKET.COM, 
1001  Lower  Landing  Road,  Suite 
307,  Blackwood.  NJ  08012. 


Programmer  III.  Req  BS  or  equiv 
in  Comp  Sci,  Engr  or  related 
field  plus  3  yrs  exp  as 
Programmer  (including  3  yrs 
w/VB6,  Oracle  &  SQL  Server, 
Access/Excel,  Crystal  Reports; 
6  mos  w/Medicare  Claims  data; 
exp  w/XML,  XSLT,  XPATH). 
Send  resumes  to  Anne  Dennis, 
6000  Westown  Parkway,  #350E, 
West  Des  Moines,  IA  50266 
(Job  #g123). 


Software  Architect  -  Boulder, 
CO.  Design/implement  experi¬ 
mental  Grid  Svcs.  for  transfer¬ 
ring  distrib  data  from  high  ener¬ 
gy  &  fusion  experiments  &  simu¬ 
lations  using  component-orient¬ 
ed  middle-ware  technologies 
incl.  CORBA  Component  Model 
(CCM)  &  Grid  Svcs.  Req.  MS  in 
CS,  4  yrs.  exp,  building  &  evalu¬ 
ating  CORBA  distib.  communi¬ 
cation  framework  &  using  C++, 
OO  principles  and  design  pat¬ 
terns,  3  yrs.  exp.  in  CCM. 
Resumes  to  M.  O'Hare,  7750 
Clayton  Road,  #209,  Richmond 
Heights,  MO  63117. 


Want  a  new 
IT  career? 


Check  out  our  jobs 
in  the  combined 
CareerJournal.com 
database. 


www.itcareers.com 
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Now  combined  with 
CareerJournal.com, 
You  have  more  jobs 
to  choose  from.  Stop 
in  for  a  visit  and  see 
for  yourself  at: 

www.itcareers.com 

or  call: 

(800)  76 2-2977 
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IT  Careers 
Wants  You! 

Take  the  hassle  out  of 

job  searching  and 

check  us  out  at 

www.itcareers.com. 

Today,  more  than  ever, 
the  right  skills  fuel  the 
new  economy  and  IT 

Careers  wants  you  to  be 

there.  Check  us  out  at: 

www.itcareers.com 


Technical  Manager-Latin  Amer¬ 
ica  sought  for  Miami,  FL  office. 
Requires  Bachelor’s  degree  or 
the  equivalent  in  education  and 
progressive,  professional  expe¬ 
rience  in  Computer  Science, 
Computer  Engineering,  MIS,  or 
related  field,  3  yrs  exp  in  IT 
mgmt  serving  Latin  American 
businesses,  with  2+yrs  working 
knowledge  of  the  following  prod¬ 
ucts:  Cognos  suite  of  Application 
Development  Tools;  Cognos  Bl 
Platform;  Windows  and  Unix 
operating  systems;  Networks; 
and  Relational  Data  Base 
Management  Software  (such  as 
Oracle,  SQL-server),  and  bilin¬ 
gual  fluency  (oral  &  written)  in 
English  &  Spanish,  60%  int'l 
travel  to  Latin  America.  Must 
have  unrestricted  authorization 
to  work  in  the  U.S.  Respond  to: 
Ref#5879,  usjobs@cognos.com 
or  HR  Dept,  Cognos  Corp,  15 
Wayside  Road,  Burlington,  MA 
01803.  For  more  information,  go 
to  www. cognos.com 


SYSTEMS  ENGINEER 

Witness  Systems,  Inc.,  a 
Developer  of  Client/Server 
Monitoring  Software,  seeks  a 
qualified  Associate  Quality 
Assurance  Engineer  for  Atlanta. 
GA  location.  Must  have  a 
Bachelor's  degree  or  foreign 
degree  equivalent  in 
Engineering  or  related  field  plus 
2  years  of  experience  in  the 
position  offered  or  2  years  of 
experience  as  a  Software 
Engineer.  Salary  and  benefits 
commensurate  with  experience. 
Send  resume  to:  Sheri 

Mattison,  Employment  Manager, 
Witness  Systems,  Inc.  300 
Colonial  Center  Parkway, 
Roswell,  GA  30076. 


Strategy  Resources,  Inc.,  a  soft¬ 
ware  consulting  company  seeks 
a  Sr.  Software  Engineer  with 
expertise  in  web  applications,  e- 
commerce  and  e-date  exchange 
for  secure,  multi-user  large- 
scale  applications.  B.Sc./Comp. 
Sci.  with  5  years  exp.  Health 
care  industry/supervisory  expe¬ 
rience  highly  desirable.  Forward 
resume  to:  Attn:  SM,  360-23  W. 
Schick  Rd.,  #215,  Bloomingdale, 
IL  60108  or  email  to: 
info@lycontech.com 


Senior  Software  Engineer 
needed.  Must  have  Masters 
Degree  in  Computer  Scie¬ 
nce  or  Engineering  and  2 
yrs  experience  as  Software 
Engineer  including  2  years 
of  C/C++,  Assembly  and 
VxWorks.  Send  resumes  to 
Roy  Masters,  Epilog  Laser, 
500  Corporate  Circle,  Ste. 
L,  Golden,  CO  80401. 


ShellSoft  seeks  IT  professionals 
(programmer/system  analysts, 
software  engineers),  project 
engineers.  Our  minimum 
requirement  is  BS.  Good  skills 
using  Oracle,  SAP,  SQL,  Java, 
C/C++  preferred.  Some  position 
requires  travel.  Please  send 
resume  to: 

jobs@shellsoftinc.com.  EOE. 

Gordan  Food  Service  (GFS)  has 
openings  for  Sr.  Software 
Engineers/System  Analysts 
Candidates  must  have  minimum 
BS  degree  with  exp  in  Unix, 
Oracle  PL/SQL,  J2EE,  Tuxedo. 
MQ  Series.  Competitive  wage 
with  full  benefits.  Send  resume 
to  ereply@davidgroup.com. 
EOE. 


Programmer  Analyst 
opening:  4 

Software  design  and  develop¬ 
ment,  in  Java.  J2EE.  Corba, 
OOP  in  a  UNIX,  environment, 
UML,  RUP,  rational  rose,  Clear 
Case,  clear  quest.orbix  2000, 
weblogic  8.X,  Oracle,  dream 
weaver,  vignette.  Minimum  edu¬ 
cation  of  Bachelors  in  computer 
Science  or  related  fields  is 
required  with  2-3  years  of  expe¬ 
rience  or  masters  in  computer 
Science  or  related  fields  with  1- 
2  yrs  of  experience. 
Programmer  Analyst 
Opening:  4 

Software  design  and  develop¬ 
ment,  in  C/C++,  Corba,  OOP  in 
a  UNIX  environment,  UML,  RUP. 
rational  rose,  Clear  Case,  clear 
quest,  orbix  2000,  weblogic  8.X, 
Oracle,  dream  weaver,  minimum 
education  of  Bachelors  in  com¬ 
puter  Science  or  related  fields  is 
required  with  2-3  years  of  expe¬ 
rience  or  masters  in  computer 
Science  or  related  fields  with  1- 
2  yrs  of  experience. 

Send  resume  to: 

Semafor  Technologies  LLC 
3300  Holcomb  Bridge  Rd, 
#212 

Norcross,GA-30092 


Computer  Information  Systems 
Manager,  Charlotte,  NC, 
Wachovia  Corp.  Manage  a 
team  of  software  developers  to 
produce  software  appl..  Reqs. 
BA  or  equiv.  in  Computer 
Science  and  1  yr  exp.  in  the  pos. 
offered  or  as  an  IT  Developer  or 
Systems  Analyst.  The  lyr.  must 
have  incl.  new  appl.  dvlp.,  test¬ 
ing,  debugging  and  implementa¬ 
tion  of  client/server  and  web 
appl.,  converting  business 
specs,  into  code,  writing  data¬ 
base  code  (incl.  stored  proce¬ 
dures  and  triggers)  in  the  follow¬ 
ing  databases;  Sybase,  Oracle, 
SQL  Server  and  Microsoft 
Access,  Microsoft  Office, 
PowerBuilder,  Cold  Fusion, 
Autosys,  Unix  shell  scripting, 
MS  Visual  Studio.net,  and  HR 
mgmt.  systems  in  such  areas  as 
performance  mgmt.,  compensa¬ 
tion,  pos.  mgmt.,  benefits  and 
human  capital  mgmt.  incl, 
Peoplesoft.  M-F,  8-5,  Send 
resume  to  Geri  Henderson, 
Wachovia  Coip.,  300  South 
Brevard,  14th  Floor,  Charlotte, 
NC  28288.  No  phone  calls. 
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NET2S  is  a  leading  International  e- 
business,  information  technology, 
and  communication  infrastructure 
consulting  firm.  We  are  currently 
seeking  for  the  following  positions: 

•  Sr.  Tibco  (RV.  Hawk,  Ingetration 
Manager)  Developer 

•  IT  Risk  Mgmt  Security  Architect 

•  Sun  One  /Siteminder  Architect 

•  Business  Objects  /  Cognos 
Developers 

•  NET  Architect 

All  positions  require  BS/MS  degree 
with  a  minimum  of  2  to  3  years  of 
experience  in  the  field.  Must  pos¬ 
sess  excellent  communication 
skills  as  well. 

NET2S,  82  Wall  Street,  Suite  400, 
New  York.  NY  10005;  Fax:  (212) 
279-1960;  Phone  (212)279-6565;  or 
Email:  iobus-nv@net2s.com 


Sr.  Software  Engineer  -  Maintain 
&  develop  Bluetooth  HCI/BCSP 
s/w  layer  for  wireless  telephone 
systems  developer.  Evaluate, 
design  &  suppt  GSM  GPRS/ 
EGPRS  handset.  Maintain  & 
develop  the  GTT  code.  Bach's 
deg  in  Comp  Sci,  Physics  or 
Elec  Engrg  reqd  +  1  yr  exp  in 
job.  Snd  resume  to  PMCD.  1225 
Northbrook  Pkwy,  Suwanee,  GA 
30024,  Attn:  D.  Greer,  TY 


Large  bank  holding  company, 
headquartered  in  Tennessee 
seeks  experienced  database 
administrator,  with  knowledge 
and  experience  in  implementing 
and  managing  SQL  Server  and 
Oracle  databases.  Minimum  job 
duties  include  the  following:  day 
to  day  management,  administra¬ 
tion  and  maintenance  of  SQL 
server  database  using  visual 
and  non  visual  administration 
tools;  monitoring  server  perfor¬ 
mance;  performing  system  wide 
backup  support  of  database, 
system  wide  application  tuning 
and  query  analysis;  resolve 
database  capacity  and  replica¬ 
tion  issues;  creation  of  databas¬ 
es  and  objects,  user  administra¬ 
tion  and  implementation  of  secu¬ 
rity  standards;  writing  SQL  main¬ 
tenance  scripts;  and  writing 
complex  SQL  queries  to  imple¬ 
ment  business  logic  for  data 
transfer  using  BCP,  DTS, 
VBScript  or  FTPScripts; 
installing  SQL  software  and 
patches  on  clustered  environ¬ 
ments;  developing  and  imple¬ 
menting  database  backup 
strategies  and  database  security 
is  also  required.  The  adminis¬ 
trator  will  support  both  SQL 
Server  and  Oracle  database 
management  systems  although 
SQL  Server  is  the  primary  focus. 
Experience  on  Oracle  8i/9i 
administration  in  Sun  Solaris 
environment  is  also  required  for 
the  Oracle  responsibility  includ¬ 
ing;  Writing  of  Unix  Shell  Scripts. 
Minimum  educational  require¬ 
ments  include  the  following: 
Bachelor's  degree  in  Information 
Systems  or  related 
Computer/Information  degree. 
Microsoft  Certification  in  SQL 
Server.  Knowledge  and  experi¬ 
ence  with  various  software  pro¬ 
grams  including:  Windows, 
Windows  95,  Windows  2000, 
Novell  Netware,  Veritas 
NetBackup.  Rewards  commen¬ 
surate  with  experience  and  at 
least  equal  to  the  minimum  pre¬ 
vailing  wage  for  a  40-hour  week. 
Standard  benefits  package 
available.  Only  persons  with 
authorization  to  work  in  the  U.S. 
need  to  apply.  EEO.  Submit 
resume  and  three  references  to: 
Glen  Krebs  250  W.  Main  Street 
Suite  1600Lexington,  KY  40507 


Health  System  Software 
Engineer  to  develop  and  support 
advanced  healthcare  software 
applications  in  a  highly  distrib¬ 
uted  environment,  provide  real¬ 
time  connectivity  to  proprietary 
clinical  repositories,  serving  as 
technical  lead  on  desktop  inte¬ 
gration,  and  application  develop¬ 
ment  for  the  electronic  messag¬ 
ing  system.  Requirements:  min¬ 
imum  of  Bachelor’s  degree  in 
Computer  Science  or  related 
field  and  5  yrs  working  experi¬ 
ence  in  an  academic  or  research 
institution  setting.  Must  have 
extensive  working  experience 
with  JAVA,  Visual  C++,  Win32 
API  and  COM/DCOM.  Please 
send  resumes  to  George  Giles, 
Vanderbilt  University.  Dept  of 
Information  Management,  3401 
West  End  Ave.  Suite  700, 
Nashville.  TN  37203. 


Software  Engineer  Entry  level 
position  to  assist  Sr.  Software 
Engr  to  dsgn,  analyze,  code, 
test,  troubleshoot  &  maintain 
various  Warehouse  Mgmt 
s/ware  using  Advantage:Plex, 
SQL  Server  2000,  Sybase  SQL, 
Oracle  7.3.  Req.  Bach  in  CS, 
other  related  field  or  its  foreign 
equiv  based  on  educ  &  exp  + 
6mon  exp.  Resume  to  Pres  , 
Datex  Corp.  10300  49th  St.  N. 
Clearwater,  FL  33762. 


CONSULTANTS,  SYSTEMS 
PROJECTS:  Provide  complex 
systems  analysis,  technical 
specifications,  programming, 
design  support,  documentation 
and  project  management  to  user 
departments.  Develop  system 
and  program  specifications, 
work  diagrams  and  structure 
charts  Analyze,  review,  and 
alter  applications  to  optimize 
performance  and  develop  pro¬ 
gramming  standards.  Develop 
and/or  refine  programming  tech¬ 
niques  and  procedures  where 
few  precedents  exist,  including 
testing,  troubleshooting,  and 
debugging  of  applications. 
Perform  simulation  studies  to 
determine  effects  of  changes  in 
equipment  or  system  software 
and  assess  feasibility  and 
soundness  of  unique  and  com¬ 
plex  programming  project  pro¬ 
posals.  Communicate  project 
priorities  and  status  by  docu¬ 
menting  plans,  facilitating  meet¬ 
ings,  and  providing  post-imple¬ 
mentation  support  to  ensure 
user  needs  are  accurately 
defined  and  projects  continue  on 
schedule  and  within  budget. 
Keep  abreast  of  innovations  in 
technology  and  make  recom¬ 
mendations  to  application  devel¬ 
opment  and  maintenance  envi¬ 
ronment.  Multiple  openings. 
B.S./B.E.  in  Computer  Science. 
Computer  Applications,  Electr¬ 
onics  Engineering  or  related 
field  plus  2  years  of  experience 
in  job  offered  or  in  software 
development,  or  M.S.  in  same 
disciplines  is  required.  Exper¬ 
ience  and/or  education  might 
include  design,  development 
and  implementation  of  web- 
enabled  applications;  Object 
Oriented  Analysis  and  Develop¬ 
ment,  Extensible  Markup 
Language  (XML);  XSL;  Java; 
Java  Servlets;  Java  Server 
Pages  (JSP);  Java  Swing  (JFC); 
JavaScript;  HTML;  JDBC; 
Unified  Modeling  Language 
(UML);  Rational  Rose;  ATG 
Dynamo;  IBM  Websphere 
Application  Server;  IBM  Visual 
Age  for  Java;  IBM  Webshpere 
Application  Developer;  and 
Relational  Database.  Must  have 
current  authorization  to  be  per¬ 
manently  employed  in  the  U.S. 
37.5  hours/week  (8:30am-5pm). 
Send  resume  to  Briana  Canada, 
Liberty  Regional  Agency 
Markets,  350  E.  96th  St., 
Indianapolis,  IN  46240. 


Database  Administrator  needed. 
Must  have  Bachelor's  or  equiva¬ 
lent  in  Engineering,  Computer 
Science  or  Chemistry  and  3  yrs 
experience  as  DBA  including 
Oracle  7.3,  8.0  and  8i  with 
Windows  platform  and  UNIX. 
Must  also  have  one  yr  experi¬ 
ence  in  testing  and  validating 
system  in  compliance  with  Fed. 
Regs.  Work  located  in 
Wilmington,  MA.  Send  resumes 
to  Richard  Blanchette,  8483 
Middle  Fork  Road.  Boulder.  CO 
80302. 


SOFTWARE  ENGINEER  to  lead 
design  and  implementation  work 
on  advanced  medical  imaging  & 
distribution  systems  used  in 
radiology  imaging  centers  and 
hospitals;  design,  develop,  ana¬ 
lyze,  implement  and  maintain 
DICOM  desktop  viewer,  applet 
viewer,  QC  Station  and  DICOM 
Communication  Components 
using  Java,  Oracle,  and  XML. 
Require.  M  S.  in  Computer 
Science/Information  Systems. 
Competitive  salary  and  benefits 
Apply  with  resume  to:  Chief 
Technology  Officer,  NeumStar 
Solutions.  Inc.,  75  5th  Street, 
Suite  206,  Atlanta,  GA  30308. 
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YOU  ARE  CORDIALLY  INVITED... 

They're  the  three  most  important  days  in  technology  each  year. 

When  the  latest,  most-promising  innovations  are  unveiled  by  the  men  and  women  who 
created  them.  Demonstrated  exclusively  to  an  audience  of  press.  VCs.  Corporate  chiefs. 
Entrepreneurs.  Academics.  Competitors,  customers,  colleagues.  And  you. 

DEMO  2004: 

LAUNCHPAD  FOR  THE  WORLD'S  EMERGING  TECHNOLOGY. 

Three  days  of  stunning  breakthroughs  and  breathtaking  opportunities. 

DEMO  is  where  Kubi  Software  unveiled  Personal  Edition  and  suddenly  collaborative 
email  became  the  only  way  to  work.  Where  TiVo  went  from  an  idea  to  a  verb,  changing  the 
way  America  watches  television.  Where  Raju  Gulabani  transformed  telephony  by  opening 
his  laptop,  logging  onto  the  Internet,  and  calling  a  cell  phone  in  Seattle  via  VoIP. 

This  is  the  place  to  be  if  you  want  to  see  what's  next  -  and  you  want  to  see  it  first  - 
among  the  few  who  can  be  anywhere,  but  choose  to  be  here  with  you. 

DEMO  2004:  Please  join  us. 

Register  now  for  just  $1 ,995.  After  January  5th  the  cost  is  $2,595. 


§  V,  SFEBRUARY  15-17  WESTIN  KIERtANp  RESORT  &  SPA  SCOTTSDALE,  ARiZONA  WWW.DEMO.COM/D4AlS 
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They  are  out  to  get  you 


ep.  It’s  true  and  you  aren’t  para¬ 
noid.  At  least  not  in  the  aliens- 
are-about-to-abduct-me-is-that- 
a-black-helicopter-Kennedy-was- 
assassinated-by-the-Mafia-or-was-it- 
LBJ  kind  of  way 

No,  your  feelings  of  paranoia  are 
really  just  your  natural  sense  of  self- 
preservation  honed  by  many  years  of  being  every¬ 
one’s  whipping  boy  and  reacting  to  how  the  IT 
world  really  is.  Let’s  look  at  the  sources  of  your 
paranoia: 

1.  Senior  executives:  They  never  start  out  to  get 
you. They  start  out  with  what  they  think  are  reason¬ 
able  requests  (“Could  we  implement  an  enterprise¬ 
wide  CRM  system  for  our  10,000  users  by  next 
Tuesday?"),  and  when  you  try  to  explain  politely  why 
they  obviously  are  operating  in  a  different  universe 
than  the  one  you  inhabit,  they  get  mad. 

The  reason  they  get  mad  is  they  don’t  understand 
what  you’re  saying. You  could  be  reciting  the  Old 
Testament  in  Swahili  for  all  they  know  or  care,  and 
the  fact  that  you  can’t  make  it  any  clearer  feels  to 
them  like  a  hearty  slap  on  the  back  when  they 
have  a  sunburn. They  are  out  to  get  you  for  not 
doing  what  they  think  they  heard  they  might  need 
because  they  think  it’s  strategic. 


2.  Vendors:  They  only  want  your  money. They 
throw  around  the  word  “solution”  even  though  they 
have  no  real  idea  what  your  problem  really  is  and 
wouldn’t  care  if  they  did. 

Most  of  them  don’t  give  a  fig  why  you’re  buying, 
whether  their  product  is  what  you  actually  need, 
whether  you  really  can  afford  it  and  whether 
once  installed  it  will  turn  into  a  gigantic  white 
elephant  with  enough  mass  to  collapse  into  a 
singularity  that  sucks  the  entire  organization  into 
oblivion. 

Here,  paranoia  is  an  absolute  must. You  need  to 
set  your  BS  detector  to  its  most  sensitive  and 
your  phasers  to  stun. They  are  out  to  get  you  and 
your  money  and  your  little  dog,  too. 

3.  Your  users:  They  often  sound  like  they  have 
real  problems,  but  let  yourself  get  too  sympathet¬ 
ic  and  too  involved  and  your  productive  time 
will  be  sucked  into  the  same  black  hole  that  the 
white  elephant  created. 

You  know  users  will  lie,  cheat  and  sell  their 
grandmothers  if  they  can  either  get  you  to  do  their 
work  for  them  or  blame  you  for  not  helping  them 
get  their  work  done.They  will  get  anyone  they  can, 
and  you’ll  do  nicely  because  all  the  senior  execu¬ 
tives  obviously  have  it  in  for  you  anyway. 


4.  Telecom  providers:  If  it  weren't  for  a  couple  of 
centuries  of  law  enforcement  these  guys  would  be 
standing  by  the  roadside  with  pistols  drawn, stop¬ 
ping  you  as  you  pull  into  the  car  park  and  crying 
“sign  this  over-priced,  over-complicated  service 
contract  or  your  life!” 

Once  they  get  you  (and  your  money)  you  can  for¬ 
get  about  support  or  service  unless  you  are  willing 
to  either  spend  significant  portions  of  your  life  on 
hold  or  pony  up  lots  of  cash  for  an  over-priced, 
over-complicated  support  contract. 

5.  All  those  people  who  want  your  job:  It’s  a 
tough  economy  out  there  and  from  where  they’re 
sitting,  they  can’t  see  the  senior  execs,  the  users  and 
the  telecom  providers.  If  only  they  had  the  view 
from  the  bottom  . . . 

6.  Everyone  else:  Yep,  there’s  the  government  try¬ 
ing  to  regulate  privacy  and  it  is  (of  course)  your 
problem,  the  tax  man  who  seems  to  think  you  work 
for  him,  hackers  who  just  want  to  ruin  your  life 
’cause  they  can,  and  . . .  well,  everyone. 

Yep,  in  IT  it  pays  to  be  paranoid  because  they 
are  all  out  to  get  you.  Just  be  glad  you’re  not  a 
columnist. 

Get  at  Backspin  at  backspin@gibbs.com. 
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News,  insights,  opinions  and  oddities 


By  Paul  McNamara 


Mail  call . . . 

Two  things  about  reader  e-mail  makes 
me  thankful:  First,  it  means  someone  is 

reading;  second,  it  makes  possible  these  periodic  “Letters  to  ’Net  Buzz"  columns. 

Here's  a  sample  of  what  has  been  on  your  minds  of  late: 

An  item  pointing  out  that  traffic  to  VeriSign’s  Web  sites  increased  dramati¬ 
cally  during  the  company's  short-lived  and  now  suspended  use  of  its  Site 
Finder  redirection  service  generated  a  good  deal  of  response,  most  negative 
toward  VeriSign. 

“Sure,  Site  Finder  created  a  bunch  of  traffic  and  put  VeriSign  right  up  there 
with  Amazon  and  Disney,  but  it's  unlikely  it  was  the  same  quality  of  traffic," 
Doug  Murray  writes.  "The  folks  who  visited  the  latter  two  probably  meant  to  go 
there  while  the  VeriSign  hits  don't  really  amount  to  much  more  than  self-gener¬ 
ated  spam.  Of  course,  with  the  advantage  of  getting  hits  for  everybody's  typos, 
they  only  need  a  spam-type  response  rate  to  realize  a  business  value.  But  then 
factor  in  the  ill  will  and  bad  press,  and  with  any  luck,  Site  Finder  has  all  the  value 
of  New  Coke.” 

A  VeriSign  spokesman  also  wrote  to  tell  me  critics  have  gotten  it  all  wrong 
about  the  motivation  behind  Site  Finder.  “Being  able  to  offer  services  that  we 
think  benefit  the  Internet  user  is  what  motivates  us  —  because  that  is  good  for 
the  user  and  good  for  VeriSign,  too,"  he  says. 

Make  of  that  what  you  will. 

A  column  recounting  the  travails  of  a  Microsoft  Hotmail  user  included  his  com¬ 
plaint  that  being  forced  to  change  e-mail  addresses  was  exactly  the  type  of  con¬ 
sumer  affront  that  brought  us  to  last  week's  introduction  of  wireless  number 
portability. 

"Your  analogy  of  e-mail  portability  to  phone  number  portability  is  right  on,”  Bill 
D'Avanzo  says.  "There  should  be  a  law  requiring  major  providers  to  forward  mail 


—  for  a  period  of  time  anyway  —  perhaps  for  a  small,  specified  fee.” 

He  might  have  a  point,  but  I’m  not  sure  about  adding  another  law. 

Like  most  commentators  who  addressed  the  subject,  Buzz  took  to  task  as 
patently  offensive  DARPA’s  short-lived  scheme  —  dubbed  the  Policy  Analysis 
Market  (PAM)  —  to  use  the  predictive  powers  of  online  futures  trading  to  combat 
terrorism.  Most  doesn't  mean  everyone,  of  course. 

“Count  me  opposed  to  your  views  on  PAM,"  Raymond  Ballou  writes.  "Let  them 
do  whatever  it  takes  to  save  lives.  My  sensibilities  were  not  in  the  least  bit 
offended.” 

Let’s  toss  in  a  piece  of  fan  mail  just  for  fun. 

"I  am  not  your  typical  reader.  I  hardly  understand  most  of  what  I  am  reading,  but 
my  thanks  to  you  for  making  most  of  your  editorial  articles  simple  to  understand," 
Mark  B.  writes.  “Also,  if  you  ever  get  the  urge  to  change  the  name  of  your  column, 
may  I  suggest  ‘McNamara's  Band-width.”' 

Ouch. Think  I'll  stick  with  'Net  Buzz. 

A  rant  about  Orbitz  and  pop-ups  garnered  this  helpful  advice: 

"Get  the  Google  toolbar.  As  an  added  bonus,  it  blocks  pop-ups  for  free,"  Phil 
Daley  writes.  “Since  I  installed  it  last  month,  it  has  blocked  210  pop-ups." 

As  an  added  added  bonus  —  at  least  for  me  —  this  is  one  pop-up  blocker  that 
our  IT  department  lets  us  use. 

Let’s  finish  up  with  one  of  my  all-time  favorites,  which  comes  from  a  reader  who 
took  great  exception  to  my  critique  of  the  impact  European  privacy  law  is  having 
on  American  business. 

“Read  your  ridiculously  biased  diatribe  against  Europeans  and  privacy  protec¬ 
tion,"  fumes  this  fellow,  who  asked  not  to  be  quoted.  “You  are  one  of  the  reasons 
for  the  decline  of  the  American  empire.” 

Most  people  in  most  jobs  never  get  blamed  for  the  fall  of  empires.  It’s  just  one 
reason  I  find  this  gig  so  much  fun. 

There's  always  room  for  more.  The  address  is  buzz@nww.com. 
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The  NetVanta  3000  Series  from  ADTRAN. 


Dare  to  Compare! 

NetVanta 

3305 

Industry-Leading 

Brand 

Dual  Network  Interfaces 

✓ 

$$$ 

Dual  Ethernet  Interfaces 

✓ 

sss 

Stateful  Inspection  Firewall 

✓ 

sss 

Command  Line  Interface  (CLI) 

✓ 

✓ 

Quality  of  Service  (QoS) 

✓ 

✓ 

VLAN  Trunking 

✓ 

✓ 

Virtual  Private  Networking  (VPN) 

S 

sss 

Dial  Backup 

$ 

SSS 

PBX  Connectivity 

$ 

$$$$$ 

Unlimited  Telephone  Support 

✓ 

$$$ 

Free  Maintenance  Releases 

✓ 

Not  Available 

Warranty 

5  Year 

1  Year 

Uncompromising  quality.  Affordable  price.  There's  no  better  value 
in  access  routers  than  the  NetVanta  3000  Series  from  ADTRAN. 


Using  a  NetVanta  3000  router,  you  can  outfit  a  remote 
location  with  complete  T1  voice  and  data  communications 
for  50%  less  than  you’re  accustomed  to  paying.  Loaded 
with  standard  features,  and  available  with  very  reasonably 
priced  options,  the  NetVanta  3000  Series  is  everything  you 
need  in  a  router  and  more.  Lower  price  isn’t  the  result  of 
cutting  corners — it’s  the  result  of  smart  engineering. 
Engineering  that’s  backed  by  a  100%  satisfaction  guarantee 
from  ADTRAN,  including  unlimited  telephone  technical 
support  (before  and  after  the  sal e),free  tna in te nance, upgrades, 
and  a  full  five-year  warranty.  Try  a  NetVanta  3000  router 
today.  And  start  getting  more  out  of  your  router  dollar. 


Why  pay  more? 


Test  your  CLI  knowledge!  Receive  a  free  T-Shirt! 

www.adtran.  com/in  fo/wh  ypa  ymore 


877.767.6022  Technical  Questions 
877.280.8416  Where  to  Buy 


Experts  choose  ADTRANT  ADiRAn 


